The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-17887 | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17888 | cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | HIGH | Dec 27, 2017 |
| CVE-2017-17891 | Readymade Video Sharing Script has CSRF via user-profile-edit.php. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17892 | Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | HIGH | Dec 27, 2017 |
| CVE-2017-17893 | Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17894 | Readymade Job Site Script has CSRF via the /job URI. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17895 | Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | HIGH | Dec 27, 2017 |
| CVE-2017-17896 | Readymade Job Site Script has XSS via the keyword parameter to the /job URI. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17897 | SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | HIGH | Dec 27, 2017 |
| CVE-2017-17898 | Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17899 | SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | HIGH | Dec 27, 2017 |
| CVE-2017-17900 | SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | HIGH | Dec 27, 2017 |
| CVE-2017-17903 | FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17904 | FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. | LOW | Dec 27, 2017 |
| CVE-2017-17905 | PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17906 | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | HIGH | Dec 27, 2017 |
| CVE-2017-17907 | PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17908 | PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17909 | PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | LOW | Dec 27, 2017 |
| CVE-2017-17911 | packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17912 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17913 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17914 | In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. | HIGH | Dec 27, 2017 |
| CVE-2017-17915 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17924 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17925 | PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. | LOW | Dec 27, 2017 |
| CVE-2017-17926 | PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17927 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17928 | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | HIGH | Dec 27, 2017 |
| CVE-2017-17929 | PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. | LOW | Dec 27, 2017 |
| CVE-2017-17930 | PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17931 | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | HIGH | Dec 27, 2017 |
| CVE-2017-17934 | ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. | MEDIUM | Dec 27, 2017 |
| CVE-2017-17935 | The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip \'\\n\' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line. | MEDIUM | Dec 27, 2017 |
| CVE-2017-7152 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the Mail Message Framework component. It allows remote attackers to spoof the address bar via a crafted web site. | MEDIUM | Dec 27, 2017 |
| CVE-2017-7154 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the Kernel component. It allows local users to bypass intended memory-read restrictions or cause a denial of service (system crash). | MEDIUM | Dec 27, 2017 |
| CVE-2017-7155 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the Intel Graphics Driver component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Dec 27, 2017 |
| CVE-2017-7156 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Dec 27, 2017 |
| CVE-2017-7157 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Dec 27, 2017 |
| CVE-2017-7158 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the Screen Sharing Server component. It allows attackers to obtain root privileges for reading files by leveraging screen-sharing access. | MEDIUM | Dec 27, 2017 |
| CVE-2017-7159 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the IOAcceleratorFamily component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Dec 27, 2017 |
| CVE-2017-7160 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the WebKit component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | MEDIUM | Dec 27, 2017 |
| CVE-2017-7162 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the IOKit component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Dec 27, 2017 |
| CVE-2017-7163 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the Intel Graphics Driver component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Dec 27, 2017 |
| CVE-2017-9608 | The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file. | MEDIUM | Dec 27, 2017 |
| CVE-2017-9944 | A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network. | HIGH | Dec 27, 2017 |
| CVE-2017-12736 | A vulnerability has been identified in the following Siemens products: RUGGEDCOM ROS for RSL910 devices: All versions < ROS v5.0.1, RUGGEDCOM ROS for all other devices: All versions < ROS v4.3.4, SCALANCE XB-200/XC-200/XP-200/XR300-WG: All versions >= v3.0, SCALANCE XR-500/XM-400: All versions >= v6.1. After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions. | MEDIUM | Dec 25, 2017 |
| CVE-2017-12740 | Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software package while performing a Man-in-the-Middle (MitM) attack. | MEDIUM | Dec 25, 2017 |
| CVE-2017-12741 | A vulnerability has been identified in the following Siemens industrial products: SIMATIC S7-200 Smart: All versions < V2.03.01, SIMATIC S7-400 PN V6: All versions < V6.0.6, SIMATIC S7-400 H V6: All versions < 6.0.8, SIMATIC S7-400 PN/DP V7: All versions, SIMATIC S7-410 V8: All versions, SIMATIC S7-300: All versions, SIMATIC S7-1200: All versions, SIMATIC S7-1500: All versions < 2.0, SIMATIC S7-1500 Software Controller: All versions < 2.0, SIMATIC WinAC RTX 2010 incl. F: All versions, SIMATIC ET 200AL: All versions, SIMATIC ET 200ecoPN: All versions, SIMATIC ET 200M: All versions, SIMATIC ET 200MP: All versions, SIMATIC ET 200pro: All versions, SIMATIC ET 200S: All versions, SIMATIC ET 200SP: All versions, DK Standard Ethernet Controller: All versions, EK-ERTEC 200P: All versions < V4.5, EK-ERTEC 200 PN IO: All versions, SIMOTION D: All versions < V5.1 HF1, SIMOTION C: All versions < V5.1 HF1, SIMOTION P: All versions < V5.1 HF1, SINAMICS DCM: All versions, SINAMICS DCP: All versions, SINAMICS G110M / G120(C/P/D) w. PN: All versions < V4.7 SP9 HF1, SINAMICS G130 and G150: All versions, SINAMICS S110 w. PN: All versions, SINAMICS S120: All versions, SINAMICS S150 V4.7 and V4.8: All versions, SINAMICS V90 w. PN: All versions, SINUMERIK 840D sl: All versions, SIMATIC Compact Field Unit: All versions, SIMATIC PN/PN Coupler: All versions, SIMOCODE pro V PROFINET: All versions, SIRIUS Soft starter 3RW44 PN: All versions. Specially crafted packets sent to port 161/UDP could cause a Denial-of-Service condition. The affected devices must be restarted manually. | HIGH | Dec 25, 2017 |
| CVE-2017-13847 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the IOKit component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | HIGH | Dec 25, 2017 |
