CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2017-13986 79 XSS 2017-09-30 2017-10-05
4.3
None Remote Medium Not required None Partial None
A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
502 CVE-2017-13985 22 Dir. Trav. 2017-09-30 2017-10-05
4.0
None Remote Low ??? Partial None None
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to traverse directory leading to disclosure of information.
503 CVE-2017-13984 287 Dir. Trav. 2017-09-30 2017-10-05
5.5
None Remote Low ??? None Partial Partial
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
504 CVE-2017-13983 287 Bypass 2017-09-30 2017-10-05
10.0
None Remote Low Not required Complete Complete Complete
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
505 CVE-2017-13982 22 Dir. Trav. 2017-09-30 2017-10-11
9.0
None Remote Low ??? Complete Complete Complete
A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.
506 CVE-2017-13779 732 Exec Code +Priv 2017-09-14 2021-06-04
7.2
None Local Low Not required Complete Complete Complete
GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.
507 CVE-2017-13771 522 +Info 2017-09-07 2021-07-20
5.0
None Remote Low Not required Partial None None
Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configuration credentials in plaintext and transmits them in requests, which allows remote attackers to obtain sensitive information via requests to (1) cgi-bin/direct/printer/prtappauth/apps/snfDestServlet or (2) cgi-bin/direct/printer/prtappauth/apps/ImportExportServlet.
508 CVE-2017-13761 200 +Info 2017-09-14 2017-09-26
4.0
None Remote Low ??? Partial None None
The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.
509 CVE-2017-13754 79 XSS 2017-09-07 2018-10-09
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
510 CVE-2017-13725 125 2017-09-14 2020-10-28
7.5
None Remote Low Not required Partial Partial Partial
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
511 CVE-2017-13724 79 XSS 2017-09-13 2017-09-21
3.5
None Remote Medium ??? None Partial None
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page.
512 CVE-2017-13713 78 Exec Code 2017-09-07 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
513 CVE-2017-13711 416 DoS 2017-09-01 2020-10-29
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets.
514 CVE-2017-13690 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
515 CVE-2017-13689 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
516 CVE-2017-13688 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
517 CVE-2017-13687 125 2017-09-14 2020-10-28
7.5
None Remote Low Not required Partial Partial Partial
The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
518 CVE-2017-13684 119 DoS Overflow 2017-09-30 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption.
519 CVE-2017-13676 94 2017-09-28 2017-10-06
4.4
None Local Medium Not required Partial Partial Partial
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability.
520 CVE-2017-13674 Exec Code 2017-09-01 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges.
521 CVE-2017-13672 125 DoS 2017-09-01 2020-11-10
2.1
None Local Low Not required None None Partial
QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update.
522 CVE-2017-13129 352 CSRF 2017-09-26 2017-10-03
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
523 CVE-2017-13067 Exec Code 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.
524 CVE-2017-13055 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().
525 CVE-2017-13054 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in print-lldp.c:lldp_private_8023_print().
526 CVE-2017-13053 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_rt_routing_info().
527 CVE-2017-13052 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print-cfm.c:cfm_print().
528 CVE-2017-13051 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
529 CVE-2017-13050 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read in print-rpki-rtr.c:rpki_rtr_pdu_print().
530 CVE-2017-13049 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-rx.c:ubik_print().
531 CVE-2017-13048 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
532 CVE-2017-13047 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:esis_print().
533 CVE-2017-13046 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print().
534 CVE-2017-13045 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print-vqp.c:vqp_print().
535 CVE-2017-13044 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv4_print().
536 CVE-2017-13043 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:decode_multicast_vpn().
537 CVE-2017-13042 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in print-hncp.c:dhcpv6_print().
538 CVE-2017-13041 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print().
539 CVE-2017-13040 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
540 CVE-2017-13039 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
541 CVE-2017-13038 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:handle_mlppp().
542 CVE-2017-13037 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printts().
543 CVE-2017-13036 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3().
544 CVE-2017-13035 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_id().
545 CVE-2017-13034 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print-pgm.c:pgm_print().
546 CVE-2017-13033 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().
547 CVE-2017-13032 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string().
548 CVE-2017-13031 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().
549 CVE-2017-13030 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print-pim.c, several functions.
550 CVE-2017-13029 125 2017-09-14 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print-ppp.c:print_ccp_config_options().
Total number of vulnerabilities : 1228   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.