Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1233 1 Ibm 1 Bigfix Remote Control 2019-10-03 7.2 HIGH 6.7 MEDIUM
IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.
CVE-2017-12654 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-12867 1 Simplesamlphp 1 Simplesamlphp 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
CVE-2017-12957 1 Exiv2 1 Exiv2 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.
CVE-2017-13058 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-13059 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.
CVE-2017-13060 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-13062 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.
CVE-2017-13079 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-03 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-1308 1 Ibm 1 Daeja Viewone 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM X-Force ID: 125462.
CVE-2017-13081 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-03 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.
CVE-2017-13084 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-03 5.4 MEDIUM 6.8 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVE-2017-13086 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-03 5.4 MEDIUM 6.8 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
CVE-2017-13087 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-03 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-13088 7 Canonical, Debian, Freebsd and 4 more 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more 2019-10-03 2.9 LOW 5.3 MEDIUM
Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-1339 1 Ibm 1 Tivoli Storage Manager 2019-10-03 2.1 LOW 4.4 MEDIUM
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information disclosure or a denial of service. IBM X-Force ID: 126247.
CVE-2017-13679 1 Symantec 1 Encryption Desktop 2019-10-03 1.4 LOW 4.2 MEDIUM
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network.
CVE-2017-13279 1 Google 1 Android 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439.
CVE-2017-1328 1 Ibm 1 Api Connect 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and use the vulnerable API. IBM X-Force ID: 126230.
CVE-2017-13648 1 Graphicsmagick 1 Graphicsmagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.
CVE-2017-13649 1 Unrealircd 1 Unrealircd 2019-10-03 2.1 LOW 5.5 MEDIUM
UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command.
CVE-2017-1370 1 Ibm 1 Jazz Reporting Service 2019-10-03 4.0 MEDIUM 4.9 MEDIUM
IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.
CVE-2017-13775 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2019-10-03 7.1 HIGH 6.5 MEDIUM
GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() in coders/jnx.c whereby large amounts of CPU and memory resources may be consumed although the file itself does not support the requests.
CVE-2017-1386 1 Ibm 2 Api Connect, Api Management 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID: 127160.
CVE-2017-13851 1 Apple 1 Mac Os X 2019-10-03 2.1 LOW 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files.
CVE-2017-13987 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files.
CVE-2017-13988 1 Hp 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function.
CVE-2017-14054 1 Ffmpeg 1 Ffmpeg 2019-10-03 7.1 HIGH 6.5 MEDIUM
In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop.
CVE-2017-14055 1 Ffmpeg 1 Ffmpeg 2019-10-03 7.1 HIGH 6.5 MEDIUM
In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is provided, the loop over the frames would consume huge CPU and memory resources, since there is no EOF check inside the loop.
CVE-2017-14139 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.
CVE-2017-14187 1 Fortinet 1 Fortios 2019-10-03 7.2 HIGH 6.2 MEDIUM
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command.
CVE-2017-14191 1 Fortinet 1 Fortiweb 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.
CVE-2017-14222 1 Ffmpeg 1 Ffmpeg 2019-10-03 7.1 HIGH 6.5 MEDIUM
In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop.
CVE-2017-14329 1 Extremenetworks 1 Extremexos 2019-10-03 7.2 HIGH 6.7 MEDIUM
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
CVE-2017-1433 1 Ibm 1 Websphere Mq 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.
CVE-2017-14330 1 Extremenetworks 1 Extremexos 2019-10-03 7.2 HIGH 6.7 MEDIUM
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.
CVE-2017-14343 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
CVE-2017-1438 3 Ibm, Linux, Microsoft 4 Db2, Db2 Connect, Linux Kernel and 1 more 2019-10-03 7.2 HIGH 6.7 MEDIUM
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.
CVE-2017-14380 1 Emc 1 Isilon Onefs 2019-10-03 7.2 HIGH 6.7 MEDIUM
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
CVE-2017-14369 1 Rsa 1 Archer Grc Platform 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.
CVE-2017-14431 1 Xen 1 Xen 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
CVE-2017-14324 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-11529 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-0051 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 2.9 LOW 5.4 MEDIUM
Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099.
CVE-2017-0203 1 Microsoft 1 Edge 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."
CVE-2017-0204 1 Microsoft 1 Outlook 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
CVE-2017-0241 1 Microsoft 1 Edge 2019-10-03 5.4 MEDIUM 5.3 MEDIUM
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0233.
CVE-2017-0295 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 2.1 LOW 5.5 MEDIUM
Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability".
CVE-2017-0319 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.
CVE-2017-0320 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system.