Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8201 1 Huawei 6 Max Presence, Max Presence Firmware, Tp3106 and 3 more 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.
CVE-2017-8206 1 Huawei 2 Honor 7 Lite, Honor 7 Lite Firmware 2019-10-03 7.2 HIGH 6.8 MEDIUM
HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily.
CVE-2017-8301 1 Openbsd 1 Libressl 2019-10-03 2.6 LOW 5.3 MEDIUM
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
CVE-2017-8343 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8344 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8345 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8346 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8347 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8356 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8357 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8371 1 Schneider-electric 1 Struxureware Data Center Expert 2019-10-03 4.0 MEDIUM 6.8 MEDIUM
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2017-8372 1 Underbit 1 Mad Libmad 2019-10-03 2.6 LOW 4.7 MEDIUM
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.
CVE-2017-8542 1 Microsoft 11 Exchange Server, Forefront Security, Malware Protection Engine and 8 more 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.
CVE-2017-8628 1 Microsoft 5 Windows 10, Windows 7, Windows 8.1 and 2 more 2019-10-03 4.3 MEDIUM 6.8 MEDIUM
Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability".
CVE-2017-8673 1 Microsoft 1 Windows 10 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."
CVE-2017-8715 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 4.6 MEDIUM 5.3 MEDIUM
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".
CVE-2017-8710 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".
CVE-2017-8716 1 Microsoft 1 Windows 10 2019-10-03 4.6 MEDIUM 5.3 MEDIUM
Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability".
CVE-2017-8723 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754.
CVE-2017-8724 1 Microsoft 2 Edge, Windows 10 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735.
CVE-2017-8726 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803.
CVE-2017-8733 1 Microsoft 8 Internet Explorer, Windows 10, Windows 7 and 5 more 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability".
CVE-2017-8735 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724.
CVE-2017-8746 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 4.6 MEDIUM 5.3 MEDIUM
Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability".
CVE-2017-8754 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2019-10-03 4.0 MEDIUM 4.2 MEDIUM
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723.
CVE-2017-8765 1 Imagemagick 1 Imagemagick 2019-10-03 7.1 HIGH 6.5 MEDIUM
The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.
CVE-2017-8812 2 Debian, Mediawiki 2 Debian Linux, Mediawiki 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
CVE-2017-8830 1 Imagemagick 1 Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8900 2 Canonical, Lightdm Project 2 Ubuntu Linux, Lightdm 2019-10-03 2.1 LOW 4.6 MEDIUM
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.
CVE-2017-9039 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
CVE-2017-9045 1 Google 1 Google I\/o 2017 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file.
CVE-2017-9059 1 Linux 1 Linux Kernel 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.
CVE-2017-9210 2 Canonical, Qpdf Project 2 Ubuntu Linux, Qpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
CVE-2017-9260 1 Surina 1 Soundtouch 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.
CVE-2017-9273 1 Microfocus 2 Bi-directional Driver, Identity Manager 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes.
CVE-2017-9461 3 Debian, Redhat, Samba 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2019-10-03 6.8 MEDIUM 6.5 MEDIUM
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.
CVE-2017-9471 2 Canonical, Ytnef Project 2 Ubuntu Linux, Ytnef 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9472 1 Ytnef Project 1 Ytnef 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9473 2 Canonical, Ytnef Project 2 Ubuntu Linux, Ytnef 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-9474 1 Ytnef Project 1 Ytnef 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9545 1 Mpg123 1 Mpg123 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.
CVE-2017-9778 1 Gnu 1 Gdb 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
CVE-2017-9847 1 Libtorrent 1 Libtorrent 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2017-9865 2 Debian, Freedesktop 2 Debian Linux, Poppler 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
CVE-2017-9869 1 Lame Project 1 Lame 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
CVE-2017-9870 1 Lame Project 1 Lame 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126.
CVE-2018-0010 1 Juniper 1 Junos Space 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in the Juniper Networks Junos Space Security Director allows a user who does not have SSH access to a device to reuse the URL that was created for another user to perform SSH access. Affected releases are all versions of Junos Space Security Director prior to 17.2R1.
CVE-2018-0908 1 Microsoft 1 Identity Manager 2019-10-03 4.3 MEDIUM 6.1 MEDIUM
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."
CVE-2018-0533 1 Cybozu 1 Garoon 2019-10-03 4.0 MEDIUM 4.9 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
CVE-2018-0550 1 Cybozu 1 Garoon 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.