The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2017-9343 | In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | MEDIUM | Jun 5, 2017 |
CVE-2017-9340 | An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. | MEDIUM | Jul 17, 2017 |
CVE-2017-9339 | A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | MEDIUM | Jul 17, 2017 |
CVE-2017-9338 | Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialogue. | LOW | Jul 17, 2017 |
CVE-2017-9337 | The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. | MEDIUM | Jun 9, 2017 |
CVE-2017-9336 | The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | MEDIUM | Jun 9, 2017 |
CVE-2017-9334 | An incorrect pair? check in the Scheme length procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls length on it. | MEDIUM | Jun 9, 2017 |
CVE-2017-9333 | OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access. | Medium | Sep 21, 2017 |
CVE-2017-9332 | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | MEDIUM | Jun 6, 2017 |
CVE-2017-9331 | The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter. | LOW | Jun 9, 2017 |
CVE-2017-9330 | QEMU (aka Quick Emulator), when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value. | LOW | Jun 9, 2017 |
CVE-2017-9328 | Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | HIGH | Sep 15, 2017 |
CVE-2017-9327 | Secret data of processes managed by CM is not secured by file permissions. | MEDIUM | Jul 11, 2019 |
CVE-2017-9326 | The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed. | LOW | Jul 11, 2019 |
CVE-2017-9325 | The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. | MEDIUM | Jul 11, 2019 |
CVE-2017-9324 | In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. | MEDIUM | Jun 12, 2017 |
CVE-2017-9323 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 |
CVE-2017-9322 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 |
CVE-2017-9321 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none | -- | Nov 7, 2023 |
CVE-2017-9317 | Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device. | MEDIUM | May 23, 2018 |
CVE-2017-9316 | Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution. | MEDIUM | Nov 27, 2017 |
CVE-2017-9315 | Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker. | MEDIUM | Nov 28, 2017 |
CVE-2017-9314 | Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. | MEDIUM | Nov 13, 2017 |
CVE-2017-9313 | Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840. | Medium | Jul 10, 2017 |
CVE-2017-9312 | Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately. | HIGH | Jun 25, 2018 |
CVE-2017-9310 | QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. | LOW | Jun 8, 2017 |
CVE-2017-9307 | SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter. | MEDIUM | Jun 9, 2017 |
CVE-2017-9306 | inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an <svg/onload= substring instead of an <svg onload= substring. | MEDIUM | Jun 9, 2017 |
CVE-2017-9305 | lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php. | MEDIUM | Jun 8, 2017 |
CVE-2017-9304 | libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function. | MEDIUM | Jun 6, 2017 |
CVE-2017-9303 | Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | MEDIUM | Jun 8, 2017 |
CVE-2017-9302 | RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. | MEDIUM | Jun 8, 2017 |
CVE-2017-9301 | pluginsaudio_filterlibmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file. | MEDIUM | Jun 6, 2017 |
CVE-2017-9300 | pluginscodeclibflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. | MEDIUM | Jun 6, 2017 |
CVE-2017-9299 | Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. | MEDIUM | Jun 7, 2017 |
CVE-2017-9298 | Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code. | LOW | Jun 8, 2017 |
CVE-2017-9297 | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites. | MEDIUM | Jun 8, 2017 |
CVE-2017-9296 | Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | MEDIUM | Jun 8, 2017 |
CVE-2017-9295 | XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files. | MEDIUM | Jun 8, 2017 |
CVE-2017-9294 | RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports. | HIGH | Jun 8, 2017 |
CVE-2017-9292 | Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782. | MEDIUM | Jun 8, 2017 |
CVE-2017-9289 | Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-sourceuieditor.php (edit parameter). | MEDIUM | Jun 8, 2017 |
CVE-2017-9288 | The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter). | MEDIUM | Jun 8, 2017 |
CVE-2017-9287 | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. | MEDIUM | Jun 8, 2017 |
CVE-2017-9286 | The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. | HIGH | Mar 1, 2018 |
CVE-2017-9285 | NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions when ebaclient was used, allowing unpermitted access to eDirectory services. | HIGH | Mar 2, 2018 |
CVE-2017-9284 | IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive information. | MEDIUM | Apr 26, 2018 |
CVE-2017-9283 | An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | HIGH | Sep 21, 2017 |
CVE-2017-9282 | An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | HIGH | Sep 21, 2017 |
CVE-2017-9281 | An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | MEDIUM | Sep 21, 2017 |