CVE List - 2017 / December
Showing 901 - 1000 of 1105 CVEs for December 2017 (Page 10 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-17852 | 2017-12-23 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU... |
| CVE-2017-17853 | 2017-12-23 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds... |
| CVE-2017-17854 | 2017-12-23 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted... |
| CVE-2017-17855 | 2017-12-23 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers... |
| CVE-2017-17856 | 2017-12-23 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer... |
| CVE-2017-17857 | 2017-12-23 | The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging... |
| CVE-2017-17862 | 2017-12-23 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could... |
| CVE-2017-17863 | 2017-12-23 | kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service... |
| CVE-2017-17864 | 2017-12-23 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information,... |
| CVE-2017-17866 | 2017-12-23 | pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer... |
| CVE-2017-16897 | 2017-12-23 | A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the... |
| CVE-2017-17868 | 2017-12-23 | In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. |
| CVE-2017-17869 | 2017-12-23 | The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter. |
| CVE-2017-17870 | 2017-12-23 | The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. |
| CVE-2017-17871 | 2017-12-24 | The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. |
| CVE-2017-17872 | 2017-12-24 | The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. |
| CVE-2017-17873 | 2017-12-24 | Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. |
| CVE-2017-17874 | 2017-12-24 | Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under... |
| CVE-2017-17877 | 2017-12-24 | An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over... |
| CVE-2017-17878 | 2017-12-24 | An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting). |
| CVE-2017-17879 | 2017-12-24 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. |
| CVE-2017-17880 | 2017-12-24 | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. |
| CVE-2017-17881 | 2017-12-24 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image... |
| CVE-2017-17882 | 2017-12-24 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image... |
| CVE-2017-17884 | 2017-12-24 | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image... |
| CVE-2017-17885 | 2017-12-24 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image... |
| CVE-2017-17886 | 2017-12-24 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image... |
| CVE-2017-17887 | 2017-12-24 | In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image... |
| CVE-2017-17883 | 2017-12-24 | In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image... |
| CVE-2017-17859 | 2017-12-24 | Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data... |
| CVE-2017-17888 | 2017-12-24 | cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA,... |
| CVE-2017-17849 | 2017-12-24 | A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. |
| CVE-2017-17891 | 2017-12-24 | Readymade Video Sharing Script has CSRF via user-profile-edit.php. |
| CVE-2017-17892 | 2017-12-24 | Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. |
| CVE-2017-17893 | 2017-12-24 | Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. |
| CVE-2017-17894 | 2017-12-24 | Readymade Job Site Script has CSRF via the /job URI. |
| CVE-2017-17895 | 2017-12-24 | Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. |
| CVE-2017-17896 | 2017-12-24 | Readymade Job Site Script has XSS via the keyword parameter to the /job URI. |
| CVE-2017-17897 | 2017-12-24 | SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2017-17898 | 2017-12-24 | Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. |
| CVE-2017-17899 | 2017-12-24 | SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. |
| CVE-2017-17900 | 2017-12-24 | SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. |
| CVE-2017-17903 | 2017-12-25 | FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. |
| CVE-2017-17904 | 2017-12-25 | FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile. |
| CVE-2017-17905 | 2017-12-25 | PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. |
| CVE-2017-17906 | 2017-12-25 | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. |
| CVE-2017-17907 | 2017-12-25 | PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. |
| CVE-2017-17908 | 2017-12-25 | PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. |
| CVE-2017-17909 | 2017-12-25 | PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. |
| CVE-2017-13847 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary... |
| CVE-2017-13848 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context... |
| CVE-2017-13855 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-13856 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-13858 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context... |
| CVE-2017-13860 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to... |
| CVE-2017-13861 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It... |
| CVE-2017-13862 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-13864 | 2017-12-25 | An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It... |
| CVE-2017-13865 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-13866 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-13867 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-13868 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-13869 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-13870 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-13871 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content (for which... |
| CVE-2017-13874 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection... |
| CVE-2017-13875 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a... |
| CVE-2017-13876 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-13878 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows local users to bypass intended memory-read restrictions... |
| CVE-2017-13879 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "IOMobileFrameBuffer" component. It allows attackers to execute arbitrary code in a privileged context... |
| CVE-2017-13883 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a... |
| CVE-2017-13903 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify... |
| CVE-2017-7152 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar... |
| CVE-2017-7154 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. The issue involves the "Kernel" component. It... |
| CVE-2017-7155 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a... |
| CVE-2017-7156 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-7157 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-7158 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Screen Sharing Server" component. It allows attackers to obtain root privileges for reading... |
| CVE-2017-7159 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "IOAcceleratorFamily" component. It allows attackers to execute arbitrary code in a privileged context... |
| CVE-2017-7160 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows... |
| CVE-2017-7162 | 2017-12-25 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue... |
| CVE-2017-7163 | 2017-12-25 | An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a... |
| CVE-2017-12740 | 2017-12-26 | Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity verification of software packages downloaded via an unprotected communication channel. This could allow a remote attacker to manipulate the software... |
| CVE-2017-12741 | 2017-12-26 | Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually. |
| CVE-2017-9944 | 2017-12-26 | A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an... |
| CVE-2017-12736 | 2017-12-26 | After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of... |
| CVE-2017-17875 | 2017-12-26 | The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. |
| CVE-2017-17876 | 2017-12-26 | Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. |
| CVE-2017-17911 | 2017-12-26 | packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. |
| CVE-2017-17912 | 2017-12-26 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. |
| CVE-2017-17913 | 2017-12-26 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure... |
| CVE-2017-17914 | 2017-12-26 | In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng... |
| CVE-2017-17915 | 2017-12-26 | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. |
| CVE-2017-17924 | 2017-12-26 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. |
| CVE-2017-17925 | 2017-12-26 | PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter. |
| CVE-2017-17926 | 2017-12-26 | PHP Scripts Mall Professional Service Script has a predictable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. |
| CVE-2017-17927 | 2017-12-26 | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/. |
| CVE-2017-17928 | 2017-12-26 | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. |
| CVE-2017-17929 | 2017-12-26 | PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter. |
| CVE-2017-17930 | 2017-12-26 | PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. |