| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1251 |
CVE-2017-2869 |
119 |
|
Exec Code Overflow |
2018-04-05 |
2022-04-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. |
|
1252 |
CVE-2017-2868 |
119 |
|
Exec Code Overflow |
2018-04-05 |
2022-04-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability. |
|
1253 |
CVE-2017-2867 |
119 |
|
Exec Code Overflow |
2018-04-05 |
2022-04-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability. |
|
1254 |
CVE-2017-2861 |
125 |
|
DoS |
2018-04-05 |
2022-04-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. |
|
1255 |
CVE-2017-2853 |
119 |
|
Exec Code Overflow |
2018-04-05 |
2022-04-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. |
|
1256 |
CVE-2017-2840 |
119 |
|
Exec Code Overflow |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability. |
|
1257 |
CVE-2017-2839 |
20 |
|
DoS |
2018-04-24 |
2022-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. |
|
1258 |
CVE-2017-2838 |
20 |
|
DoS |
2018-04-24 |
2022-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. |
|
1259 |
CVE-2017-2837 |
20 |
|
DoS |
2018-04-24 |
2022-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. |
|
1260 |
CVE-2017-2836 |
295 |
|
DoS |
2018-04-24 |
2022-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. |
|
1261 |
CVE-2017-2835 |
787 |
|
Exec Code |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability. |
|
1262 |
CVE-2017-2834 |
787 |
|
Exec Code |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. |
|
1263 |
CVE-2017-2833 |
78 |
|
|
2018-04-24 |
2022-04-19 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device. |
|
1264 |
CVE-2017-2832 |
78 |
|
|
2018-04-24 |
2022-04-19 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. |
|
1265 |
CVE-2017-2826 |
200 |
|
+Info |
2018-04-09 |
2019-03-13 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability. |
|
1266 |
CVE-2017-2825 |
|
|
|
2018-04-20 |
2019-10-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. |
|
1267 |
CVE-2017-2812 |
787 |
|
Exec Code |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise. |
|
1268 |
CVE-2017-2811 |
787 |
|
Exec Code |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise. |
|
1269 |
CVE-2017-2804 |
787 |
|
Mem. Corr. |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. |
|
1270 |
CVE-2017-2803 |
787 |
|
Mem. Corr. |
2018-04-24 |
2022-04-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version. |
|
1271 |
CVE-2017-2802 |
426 |
|
|
2018-04-24 |
2018-06-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability. |
|
1272 |
CVE-2017-2599 |
863 |
|
|
2018-04-11 |
2020-12-04 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321). |
|
1273 |
CVE-2017-2591 |
125 |
|
|
2018-04-30 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service. |
|
1274 |
CVE-2017-2493 |
200 |
|
Bypass +Info |
2018-04-03 |
2019-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted elements on a web site. |
|
1275 |
CVE-2017-2492 |
79 |
|
XSS |
2018-04-03 |
2019-03-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. |
|
1276 |
CVE-2017-1790 |
79 |
|
XSS |
2018-04-12 |
2018-05-16 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137035. |
|
1277 |
CVE-2017-1786 |
772 |
|
|
2018-04-23 |
2019-10-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975. |
|
1278 |
CVE-2017-1772 |
79 |
|
XSS |
2018-04-04 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and 8.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 136786. |
|
1279 |
CVE-2017-1764 |
522 |
|
|
2018-04-23 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, under specialized circumstances, could expose plain text credentials to a local user. IBM X-Force ID: 136149. |
|
1280 |
CVE-2017-1750 |
79 |
|
XSS |
2018-04-25 |
2018-05-25 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 135523. |
|
1281 |
CVE-2017-1734 |
200 |
|
+Info |
2018-04-24 |
2018-06-05 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) stores potentially sensitive information in a cache that could be read by authenticated users. IBM X-Force ID: 134915. |
|
1282 |
CVE-2017-1733 |
532 |
|
|
2018-04-04 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914. |
|
1283 |
CVE-2017-1725 |
200 |
|
+Info |
2018-04-24 |
2018-06-04 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) contain an undisclosed vulnerability with the potential for information disclosure. IBM X-Force ID: 134820. |
|
1284 |
CVE-2017-1724 |
79 |
|
XSS |
2018-04-26 |
2018-05-25 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134814. |
|
1285 |
CVE-2017-1723 |
22 |
|
Dir. Trav. |
2018-04-26 |
2018-05-25 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812. |
|
1286 |
CVE-2017-1722 |
89 |
|
Sql |
2018-04-26 |
2018-05-25 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811. |
|
1287 |
CVE-2017-1721 |
94 |
|
Exec Code |
2018-04-26 |
2018-05-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810. |
|
1288 |
CVE-2017-1701 |
326 |
|
+Info |
2018-04-23 |
2018-05-23 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain highly sensitive information. IBM X-Force ID: 134393. |
|
1289 |
CVE-2017-1700 |
863 |
|
DoS |
2018-04-24 |
2019-10-03 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM) could allow an authenticated user to cause a denial of service due to incorrect authorization for resource intensive scenarios. IBM X-Force ID: 134392. |
|
1290 |
CVE-2017-1624 |
732 |
|
|
2018-04-04 |
2019-10-09 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122. |
|
1291 |
CVE-2017-1486 |
79 |
|
XSS |
2018-04-23 |
2018-05-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624. |
|
1292 |
CVE-2017-1473 |
326 |
|
|
2018-04-23 |
2018-05-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605. |
|
1293 |
CVE-2017-1116 |
200 |
|
+Info |
2018-04-27 |
2018-05-25 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154. |
|
1294 |
CVE-2017-1081 |
20 |
|
|
2018-04-10 |
2019-10-09 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling. |
|
1295 |
CVE-2017-0751 |
|
|
|
2018-04-05 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061. |
|
1296 |
CVE-2017-0748 |
200 |
|
+Info |
2018-04-05 |
2018-04-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798. |
|
1297 |
CVE-2017-0744 |
|
|
|
2018-04-05 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744. |
|
1298 |
CVE-2017-0431 |
|
|
|
2018-04-05 |
2019-10-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899. |
|
1299 |
CVE-2017-0372 |
74 |
|
|
2018-04-13 |
2018-05-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. |
|
1300 |
CVE-2017-0370 |
20 |
|
File Inclusion |
2018-04-13 |
2018-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter. |
