CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3501 CVE-2017-16778 863 2019-12-24 2020-01-08
2.1
None Local Low Not required None Partial None
An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz).
3502 CVE-2017-16731 522 2017-12-20 2019-10-09
2.9
None Local Network Medium Not required Partial None None
An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.
3503 CVE-2017-16673 200 +Info 2017-11-09 2017-11-28
2.9
None Local Network Medium Not required Partial None None
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."
3504 CVE-2017-16637 20 2017-11-06 2017-11-29
2.1
None Local Low Not required None None Partial
In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers.
3505 CVE-2017-16611 59 2017-12-01 2020-10-02
2.1
None Local Low Not required None None Partial
In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.
3506 CVE-2017-16560 922 2017-11-16 2019-10-03
2.1
None Local Low Not required Partial None None
SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.
3507 CVE-2017-16556 20 2018-01-16 2019-03-12
2.1
None Local Low Not required None Partial None
In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations.
3508 CVE-2017-16231 119 Overflow 2019-03-21 2019-04-02
2.1
None Local Low Not required None None Partial
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used.
3509 CVE-2017-15997 327 2017-10-29 2019-10-03
2.1
None Local Low Not required Partial None None
In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.
3510 CVE-2017-15918 522 2017-11-01 2019-10-03
2.1
None Local Low Not required Partial None None
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
3511 CVE-2017-15844 125 2018-09-18 2018-11-09
2.1
None Local Low Not required Partial None None
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash.
3512 CVE-2017-15824 772 2018-07-06 2019-10-03
2.1
None Local Low Not required Partial None None
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory.
3513 CVE-2017-15814 200 +Info 2018-03-16 2018-04-05
2.1
None Local Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
3514 CVE-2017-15589 200 +Info 2017-10-18 2018-10-19
2.1
None Local Low Not required Partial None None
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
3515 CVE-2017-15537 200 +Info 2017-10-17 2018-01-13
2.1
None Local Low Not required Partial None None
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
3516 CVE-2017-15530 200 +Info 2017-12-13 2017-12-27
2.1
None Local Low Not required Partial None None
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to an Information Disclosure issue. Information disclosure is a very common issue that attackers will attempt to exploit as a first pass across the application. As they probe the application they will take note of anything that may seem out of place or any bit of information they can use to their advantage such as error messages, system information, user data, version numbers, component names, URL paths, or even simple typos and misspellings.
3517 CVE-2017-15529 400 DoS 2017-12-13 2017-12-27
2.1
None Local Low Not required None None Partial
Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network.
3518 CVE-2017-15518 200 +Info 2018-02-23 2021-05-11
2.1
None Local Low Not required Partial None None
All versions of OnCommand API Services prior to 2.1 and NetApp Service Level Manager prior to 1.0RC4 log a privileged database user account password. All users are urged to move to a fixed version. Since the affected password is changed during every upgrade/installation no further action is required.
3519 CVE-2017-15517 200 +Info 2017-11-17 2017-12-04
2.1
None Local Low Not required Partial None None
AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution.
3520 CVE-2017-15417 119 Overflow 2018-08-28 2018-11-07
2.6
None Remote High Not required Partial None None
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
3521 CVE-2017-15352 732 2018-02-15 2019-10-03
2.9
None Local Network High ??? Partial None Partial
Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.
3522 CVE-2017-15314 772 2018-03-09 2019-10-03
2.1
None Local Low Not required None None Partial
Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.
3523 CVE-2017-15289 787 DoS 2017-10-16 2020-11-10
2.1
None Local Low Not required None None Partial
The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation.
3524 CVE-2017-15272 287 2017-11-15 2019-10-03
2.1
None Local Low Not required Partial None None
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password.
3525 CVE-2017-15112 200 +Info 2018-01-20 2019-08-06
2.1
None Local Low Not required Partial None None
keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.
3526 CVE-2017-15104 200 +Info 2017-12-18 2020-03-12
2.1
None Local Low Not required Partial None None
An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.
3527 CVE-2017-15096 476 DoS 2017-10-26 2017-11-14
2.1
None Local Low Not required None None Partial
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.
3528 CVE-2017-14991 200 +Info 2017-10-04 2018-08-24
2.1
None Local Low Not required Partial None None
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
3529 CVE-2017-14954 200 Bypass +Info 2017-10-02 2017-10-06
2.1
None Local Low Not required Partial None None
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
3530 CVE-2017-14893 125 2018-07-06 2018-08-27
2.1
None Local Low Not required Partial None None
While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
3531 CVE-2017-14872 125 2018-07-06 2018-08-27
2.1
None Local Low Not required Partial None None
While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
3532 CVE-2017-14772 200 +Info 2017-10-03 2017-10-11
2.1
None Local Low Not required Partial None None
Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.
3533 CVE-2017-14770 200 +Info 2017-10-03 2017-10-11
2.1
None Local Low Not required Partial None None
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.
3534 CVE-2017-14737 2017-09-26 2021-11-17
2.1
None Local Low Not required Partial None None
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.
3535 CVE-2017-14681 665 Exec Code 2017-09-21 2019-10-03
2.1
None Local Low Not required None None Partial
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.
3536 CVE-2017-14428 798 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
3537 CVE-2017-14427 276 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
3538 CVE-2017-14426 798 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
3539 CVE-2017-14425 276 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.
3540 CVE-2017-14424 276 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
3541 CVE-2017-14156 200 +Info 2017-09-05 2018-03-16
2.1
None Local Low Not required Partial None None
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.
3542 CVE-2017-14140 200 +Info 2017-09-05 2018-04-12
2.1
None Local Low Not required Partial None None
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
3543 CVE-2017-14025 20 2017-11-06 2019-10-09
2.1
None Local Low Not required Partial None None
An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.
3544 CVE-2017-14014 798 2018-05-01 2019-10-09
2.1
None Local Low Not required Partial None None
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
3545 CVE-2017-14012 311 2018-05-01 2019-10-09
2.1
None Local Low Not required Partial None None
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
3546 CVE-2017-13851 Bypass 2018-04-03 2019-10-03
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files.
3547 CVE-2017-13844 200 +Info 2017-11-13 2019-04-29
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the "Messages" component. It allows physically proximate attackers to view arbitrary photos via a Reply With Message action in the lock-screen state.
3548 CVE-2017-13839 200 +Info 2018-04-03 2018-05-04
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.
3549 CVE-2017-13817 125 Bypass 2017-11-13 2017-11-27
2.1
None Local Low Not required Partial None None
An out-of-bounds read issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to bypass intended memory-read restrictions.
3550 CVE-2017-13810 200 +Info 2017-11-13 2017-11-27
2.1
None Local Low Not required Partial None None
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.