ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2017-1000000 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000001 | FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation n... | | |
CVE-2017-1000002 | ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check b... | | |
CVE-2017-1000003 | ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability ... | | |
CVE-2017-1000004 | ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicL... | | |
CVE-2017-1000005 | PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and col... | | |
CVE-2017-1000006 | Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.... | | |
CVE-2017-1000007 | txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerab... | | |
CVE-2017-1000008 | Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers ... | | |
CVE-2017-1000009 | Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition,... | S | |
CVE-2017-1000010 | Audacity 2.1.2 through 2.3.2 is vulnerable to DLL hijacking in the avformat-55.dll resulting arbitra... | | |
CVE-2017-1000011 | MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in acco... | | |
CVE-2017-1000012 | MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to th... | | |
CVE-2017-1000013 | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness... | S | |
CVE-2017-1000014 | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality... | S | |
CVE-2017-1000015 | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie paramet... | | |
CVE-2017-1000016 | A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. T... | | |
CVE-2017-1000017 | phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions i... | | |
CVE-2017-1000018 | phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a sp... | S | |
CVE-2017-1000019 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-5938. Reason: This candida... | R | |
CVE-2017-1000020 | SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentic... | | |
CVE-2017-1000021 | LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.... | E | |
CVE-2017-1000022 | LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave t... | E | |
CVE-2017-1000023 | LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML docu... | E | |
CVE-2017-1000024 | Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure ... | | |
CVE-2017-1000025 | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11... | | |
CVE-2017-1000026 | Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal atta... | | |
CVE-2017-1000027 | Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnera... | | |
CVE-2017-1000028 | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthentic... | E | |
CVE-2017-1000029 | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion ... | | |
CVE-2017-1000030 | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Passwo... | | |
CVE-2017-1000031 | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to... | E | |
CVE-2017-1000032 | Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrar... | | |
CVE-2017-1000033 | Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in th... | E | |
CVE-2017-1000034 | Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting co... | | |
CVE-2017-1000035 | Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack... | | |
CVE-2017-1000036 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000037 | RVM automatically loads environment variables from files in $PWD resulting in command execution RVM ... | E | |
CVE-2017-1000038 | WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being ... | E | |
CVE-2017-1000039 | Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Inform... | | |
CVE-2017-1000040 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7853. Reason: This candida... | R | |
CVE-2017-1000041 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7271. Reason: This candida... | R | |
CVE-2017-1000042 | Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scriptin... | E | |
CVE-2017-1000043 | Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scriptin... | E | |
CVE-2017-1000044 | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer whi... | S | |
CVE-2017-1000045 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000046 | Mautic 2.6.1 and earlier fails to set flags on session cookies... | | |
CVE-2017-1000047 | rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby versi... | | |
CVE-2017-1000048 | the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerab... | | |
CVE-2017-1000049 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8864. Reason: This candida... | R | |
CVE-2017-1000050 | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to c... | | |
CVE-2017-1000051 | Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows re... | | |
CVE-2017-1000052 | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plu... | | |
CVE-2017-1000053 | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in th... | M | |
CVE-2017-1000054 | Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messa... | | |
CVE-2017-1000055 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000056 | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admi... | M | |
CVE-2017-1000057 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000058 | Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one i... | | |
CVE-2017-1000059 | Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header ha... | | |
CVE-2017-1000060 | EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root... | E | |
CVE-2017-1000061 | xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input d... | S | |
CVE-2017-1000062 | kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote co... | | |
CVE-2017-1000063 | kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information ... | | |
CVE-2017-1000064 | kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS... | | |
CVE-2017-1000065 | Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Acce... | S | |
CVE-2017-1000066 | The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entr... | | |
CVE-2017-1000067 | MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitiza... | | |
CVE-2017-1000068 | TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disa... | | |
CVE-2017-1000069 | CSRF in Bitly oauth2_proxy 2.1 during authentication flow... | S | |
CVE-2017-1000070 | The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability dur... | S | |
CVE-2017-1000071 | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function w... | | |
CVE-2017-1000072 | Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially l... | E S | |
CVE-2017-1000073 | Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can r... | E S | |
CVE-2017-1000074 | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.... | E S | |
CVE-2017-1000075 | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function... | E S | |
CVE-2017-1000076 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000077 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000078 | Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration... | | |
CVE-2017-1000079 | Linux foundation ONOS 1.9.0 is vulnerable to a DoS.... | | |
CVE-2017-1000080 | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.... | | |
CVE-2017-1000081 | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting... | | |
CVE-2017-1000082 | systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day")... | S | |
CVE-2017-1000083 | backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows r... | E S | |
CVE-2017-1000084 | Parameterized Trigger Plugin fails to check Item/Build permission: The Parameterized Trigger Plugin ... | | |
CVE-2017-1000085 | Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g... | | |
CVE-2017-1000086 | The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Rea... | | |
CVE-2017-1000087 | GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job t... | | |
CVE-2017-1000088 | The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the... | | |
CVE-2017-1000089 | Builds in Jenkins are associated with an authentication that controls the permissions that the build... | | |
CVE-2017-1000090 | Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, the... | | |
CVE-2017-1000091 | GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as ... | | |
CVE-2017-1000092 | Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with ... | | |
CVE-2017-1000093 | Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cr... | | |
CVE-2017-1000094 | Docker Commons Plugin provides a list of applicable credential IDs to allow users configuring a job ... | | |
CVE-2017-1000095 | The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, Stri... | | |
CVE-2017-1000096 | Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initi... | | |
CVE-2017-1000097 | On Darwin, user's trust preferences for root certificates were not honored. If the user had a root c... | | |
CVE-2017-1000098 | The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the ... | S | |
CVE-2017-1000099 | When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data abou... | S | |
CVE-2017-1000100 | When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (long... | S | |
CVE-2017-1000101 | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterat... | | |
CVE-2017-1000102 | The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cros... | | |
CVE-2017-1000103 | The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persi... | | |
CVE-2017-1000104 | The Config File Provider Plugin is used to centrally manage configuration files that often include s... | | |
CVE-2017-1000105 | The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean d... | | |
CVE-2017-1000106 | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organ... | | |
CVE-2017-1000107 | Script Security Plugin did not apply sandboxing restrictions to constructor invocations via position... | | |
CVE-2017-1000108 | The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to inte... | | |
CVE-2017-1000109 | The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vu... | | |
CVE-2017-1000110 | Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organ... | | |
CVE-2017-1000111 | Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously dis... | | |
CVE-2017-1000112 | Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO p... | E S | |
CVE-2017-1000113 | The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allow... | | |
CVE-2017-1000114 | The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configurati... | | |
CVE-2017-1000115 | Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositor... | | |
CVE-2017-1000116 | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shel... | S | |
CVE-2017-1000117 | A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt... | E | |
CVE-2017-1000118 | Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading ... | | |
CVE-2017-1000119 | October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting... | | |
CVE-2017-1000120 | [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows rem... | | |
CVE-2017-1000121 | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate messa... | S | |
CVE-2017-1000122 | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certa... | | |
CVE-2017-1000123 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12425. Reason: This candida... | R | |
CVE-2017-1000124 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11366. Reason: This candida... | R | |
CVE-2017-1000125 | Codiad(full version) is vulnerable to write anything to configure file in the installation resulting... | E | |
CVE-2017-1000126 | exiv2 0.26 contains a Stack out of bounds read in webp parser... | | |
CVE-2017-1000127 | Exiv2 0.26 contains a heap buffer overflow in tiff parser... | | |
CVE-2017-1000128 | Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser... | | |
CVE-2017-1000129 | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information di... | | |
CVE-2017-1000131 | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to user... | E S | |
CVE-2017-1000132 | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vul... | E S | |
CVE-2017-1000133 | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a us... | S | |
CVE-2017-1000134 | Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vul... | E S | |
CVE-2017-1000135 | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vul... | E S | |
CVE-2017-1000136 | Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vul... | E S | |
CVE-2017-1000137 | Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting w... | E S | |
CVE-2017-1000138 | Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting w... | E S | |
CVE-2017-1000139 | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vul... | S | |
CVE-2017-1000140 | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vul... | E S | |
CVE-2017-1000141 | An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue... | | |
CVE-2017-1000142 | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vul... | E S | |
CVE-2017-1000143 | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vul... | S | |
CVE-2017-1000144 | Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site adm... | E S | |
CVE-2017-1000145 | Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous ... | E S | |
CVE-2017-1000146 | Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitr... | E S | |
CVE-2017-1000147 | Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a ... | E S | |
CVE-2017-1000148 | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP ... | S | |
CVE-2017-1000149 | Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS du... | E S | |
CVE-2017-1000150 | Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from bein... | S | |
CVE-2017-1000151 | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to pass... | S | |
CVE-2017-1000152 | Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user bein... | S | |
CVE-2017-1000153 | Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to inc... | E S | |
CVE-2017-1000154 | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some... | E S | |
CVE-2017-1000155 | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to prof... | E S | |
CVE-2017-1000156 | Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a gr... | E S | |
CVE-2017-1000157 | Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.0... | E S | |
CVE-2017-1000158 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape ... | S | |
CVE-2017-1000159 | Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.... | S | |
CVE-2017-1000160 | EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injectio... | | |
CVE-2017-1000161 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000162 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12474, CVE-2017-12475, CVE-... | R | |
CVE-2017-1000163 | The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0... | M | |
CVE-2017-1000164 | Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and priv... | E S | |
CVE-2017-1000165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11366. Reason: This candida... | R | |
CVE-2017-1000166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000167 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000168 | sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate public keys... | | |
CVE-2017-1000169 | QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code exec... | | |
CVE-2017-1000170 | jqueryFileTree 2.1.5 and older Directory Traversal... | E S | |
CVE-2017-1000171 | Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain t... | | |
CVE-2017-1000172 | Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After... | E | |
CVE-2017-1000173 | Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whili... | E S | |
CVE-2017-1000174 | In SWFTools, an address access exception was found in swfdump swf_GetBits().... | | |
CVE-2017-1000175 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000176 | In SWFTools, a memcpy buffer overflow was found in swfc.... | | |
CVE-2017-1000177 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11097. Reason: This candida... | R | |
CVE-2017-1000178 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11096. Reason: This candida... | R | |
CVE-2017-1000179 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11101. Reason: This candida... | R | |
CVE-2017-1000180 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11100. Reason: This candida... | R | |
CVE-2017-1000181 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-10976. Reason: This candida... | R | |
CVE-2017-1000182 | In SWFTools, a memory leak was found in wav2swf.... | | |
CVE-2017-1000183 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11099. Reason: This candida... | R | |
CVE-2017-1000184 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11098. Reason: This candida... | R | |
CVE-2017-1000185 | In SWFTools, a memcpy buffer overflow was found in gif2swf.... | | |
CVE-2017-1000186 | In SWFTools, a stack overflow was found in pdf2swf.... | | |
CVE-2017-1000187 | In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()... | | |
CVE-2017-1000188 | nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() ... | S | |
CVE-2017-1000189 | nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validatio... | S | |
CVE-2017-1000190 | SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information d... | E | |
CVE-2017-1000191 | Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS.... | | |
CVE-2017-1000192 | Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality ... | | |
CVE-2017-1000193 | October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in ... | S | |
CVE-2017-1000194 | October CMS build 412 is vulnerable to Apache configuration modification via file upload functionali... | S | |
CVE-2017-1000195 | October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in... | S | |
CVE-2017-1000196 | October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulti... | S | |
CVE-2017-1000197 | October CMS build 412 is vulnerable to file path modification in asset move functionality resulting ... | S | |
CVE-2017-1000198 | tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_... | S | |
CVE-2017-1000199 | tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resul... | | |
CVE-2017-1000200 | tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered NULL pointer dereference in the... | S | |
CVE-2017-1000201 | The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a local denial of serv... | S | |
CVE-2017-1000202 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12933. Reason: This candida... | R | |
CVE-2017-1000203 | ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the... | S | |
CVE-2017-1000204 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9920. Reason: This candida... | R | |
CVE-2017-1000205 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9091. Reason: This candida... | R | |
CVE-2017-1000206 | samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS ... | | |
CVE-2017-1000207 | A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml pars... | | |
CVE-2017-1000208 | A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitr... | | |
CVE-2017-1000209 | The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a dom... | | |
CVE-2017-1000210 | picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution ... | S | |
CVE-2017-1000211 | Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory dis... | | |
CVE-2017-1000212 | Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-s... | | |
CVE-2017-1000213 | WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/to... | S | |
CVE-2017-1000214 | GitPHP by xiphux is vulnerable to OS Command Injections... | | |
CVE-2017-1000215 | ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resu... | S | |
CVE-2017-1000216 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11104. Reason: This candida... | R | |
CVE-2017-1000217 | Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in ... | | |
CVE-2017-1000218 | LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a ... | E | |
CVE-2017-1000219 | npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as... | E M | |
CVE-2017-1000220 | soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary comm... | E M | |
CVE-2017-1000221 | In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication ... | E | |
CVE-2017-1000222 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000223 | A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS vers... | | |
CVE-2017-1000224 | CSRF in YouTube (WordPress plugin) could allow unauthenticated attacker to change any setting within... | E | |
CVE-2017-1000225 | Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow un... | E | |
CVE-2017-1000226 | Stop User Enumeration 1.3.8 allows user enumeration via the REST API... | E | |
CVE-2017-1000227 | Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-i... | E | |
CVE-2017-1000228 | nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input valida... | E | |
CVE-2017-1000229 | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotel... | E | |
CVE-2017-1000230 | The Snap7 Server version 1.4.1 can be crashed when the ItemCount field of the ReadVar or WriteVar fu... | | |
CVE-2017-1000231 | A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.... | S | |
CVE-2017-1000232 | A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors.... | E | |
CVE-2017-1000233 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11667. Reason: This candid... | R | |
CVE-2017-1000234 | I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php re... | E | |
CVE-2017-1000235 | I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting ... | E | |
CVE-2017-1000236 | I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php res... | E | |
CVE-2017-1000237 | I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.... | E | |
CVE-2017-1000238 | InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated u... | E | |
CVE-2017-1000239 | InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an ... | E | |
CVE-2017-1000240 | The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulner... | | |
CVE-2017-1000241 | The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalat... | | |
CVE-2017-1000242 | Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file with insecure permissions resulti... | M | |
CVE-2017-1000243 | Jenkins Favorite Plugin 2.1.4 and older does not perform permission checks when changing favorite st... | | |
CVE-2017-1000244 | Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification... | | |
CVE-2017-1000245 | The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. Us... | | |
CVE-2017-1000246 | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions... | S | |
CVE-2017-1000247 | British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in... | | |
CVE-2017-1000248 | Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis... | S | |
CVE-2017-1000249 | An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets... | S | |
CVE-2017-1000250 | All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure... | E | |
CVE-2017-1000251 | The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 ... | E S | |
CVE-2017-1000252 | The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of serv... | S | |
CVE-2017-1000253 | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/... | KEV S | |
CVE-2017-1000254 | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP ... | S | |
CVE-2017-1000255 | On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and t... | | |
CVE-2017-1000256 | libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" pas... | | |
CVE-2017-1000257 | An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that r... | | |
CVE-2017-1000353 | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthentic... | E S | |
CVE-2017-1000354 | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login comman... | | |
CVE-2017-1000355 | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Ja... | | |
CVE-2017-1000356 | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in th... | | |
CVE-2017-1000357 | Denial of Service attack when the switch rejects to receive packets from the controller. Component: ... | E | |
CVE-2017-1000358 | Controller throws an exception and does not allow user to add subsequent flow for a particular switc... | E | |
CVE-2017-1000359 | Java out of memory error and significant increase in resource consumption. Component: OpenDaylight o... | E | |
CVE-2017-1000360 | StreamCorruptedException and NullPointerException in OpenDaylight odl-mdsal-xsql. Controller launche... | E | |
CVE-2017-1000361 | DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controll... | E | |
CVE-2017-1000362 | The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOM... | | |
CVE-2017-1000363 | Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parpor... | | |
CVE-2017-1000364 | An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard ... | E | |
CVE-2017-1000365 | The Linux Kernel imposes a size restriction on the arguments and environmental strings passed throug... | | |
CVE-2017-1000366 | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate th... | E S | |
CVE-2017-1000367 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces)... | E | |
CVE-2017-1000368 | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newli... | | |
CVE-2017-1000369 | Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()... | M | |
CVE-2017-1000370 | The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary t... | E | |
CVE-2017-1000371 | The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMIT_STACK is set to... | E | |
CVE-2017-1000372 | A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it... | | |
CVE-2017-1000373 | The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathologi... | E M | |
CVE-2017-1000374 | A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it ... | | |
CVE-2017-1000375 | NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled,... | E | |
CVE-2017-1000376 | libffi requests an executable stack allowing attackers to more easily trigger arbitrary code executi... | | |
CVE-2017-1000377 | An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GR... | | |
CVE-2017-1000378 | The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathologic... | | |
CVE-2017-1000379 | The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the hea... | E | |
CVE-2017-1000380 | sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/s... | S | |
CVE-2017-1000381 | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be ... | | |
CVE-2017-1000382 | VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORI... | | |
CVE-2017-1000383 | GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save ... | | |
CVE-2017-1000384 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16355. Reason: This candida... | R | |
CVE-2017-1000385 | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS... | | |
CVE-2017-1000386 | Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission ... | | |
CVE-2017-1000387 | Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instance... | | |
CVE-2017-1000388 | Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the AP... | | |
CVE-2017-1000389 | Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON resp... | | |
CVE-2017-1000390 | Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build actio... | | |
CVE-2017-1000391 | Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which ... | | |
CVE-2017-1000392 | Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not esc... | | |
CVE-2017-1000393 | Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in ... | | |
CVE-2017-1000394 | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library wit... | | |
CVE-2017-1000395 | Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which ... | | |
CVE-2017-1000396 | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library wit... | | |
CVE-2017-1000397 | Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the v... | | |
CVE-2017-1000398 | The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed ... | | |
CVE-2017-1000399 | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed informati... | | |
CVE-2017-1000400 | The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained informa... | | |
CVE-2017-1000401 | The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secret... | | |
CVE-2017-1000402 | Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with... | | |
CVE-2017-1000403 | Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbi... | | |
CVE-2017-1000404 | The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the que... | | |
CVE-2017-1000405 | The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_p... | E | |
CVE-2017-1000406 | OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old p... | | |
CVE-2017-1000407 | The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic po... | S | |
CVE-2017-1000408 | A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_... | E | |
CVE-2017-1000409 | A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_... | E | |
CVE-2017-1000410 | The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of ... | S | |
CVE-2017-1000411 | OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vis... | | |
CVE-2017-1000412 | Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bell... | | |
CVE-2017-1000413 | Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing at... | | |
CVE-2017-1000414 | ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode hand... | S | |
CVE-2017-1000415 | MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate vali... | | |
CVE-2017-1000416 | axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime b... | | |
CVE-2017-1000417 | MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing... | | |
CVE-2017-1000418 | The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows ... | E S | |
CVE-2017-1000419 | phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attack... | E | |
CVE-2017-1000420 | Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file o... | S | |
CVE-2017-1000421 | Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting... | S | |
CVE-2017-1000422 | Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw funct... | S | |
CVE-2017-1000423 | b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote esc... | S | |
CVE-2017-1000424 | Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem whe... | | |
CVE-2017-1000425 | Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0... | S | |
CVE-2017-1000426 | MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service... | E S | |
CVE-2017-1000427 | marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.... | E S | |
CVE-2017-1000428 | flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER[... | | |
CVE-2017-1000429 | rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.... | E | |
CVE-2017-1000430 | rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffe... | | |
CVE-2017-1000431 | eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in... | S | |
CVE-2017-1000432 | Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums ... | E | |
CVE-2017-1000433 | pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This... | S | |
CVE-2017-1000434 | Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect para... | E | |
CVE-2017-1000435 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16227. Reason: This candida... | R | |
CVE-2017-1000436 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14975. Reason: This candida... | R | |
CVE-2017-1000437 | Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, res... | E | |
CVE-2017-1000438 | In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now p... | M | |
CVE-2017-1000439 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14601. Reason: This candid... | R | |
CVE-2017-1000440 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14976. Reason: This candida... | R | |
CVE-2017-1000441 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14931. Reason: This candid... | R | |
CVE-2017-1000442 | Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password worksp... | S | |
CVE-2017-1000443 | Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions compon... | S | |
CVE-2017-1000444 | Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and lo... | S | |
CVE-2017-1000445 | ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore c... | S | |
CVE-2017-1000446 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15954. Reason: This candida... | R | |
CVE-2017-1000447 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15955. Reason: This candida... | R | |
CVE-2017-1000448 | Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in th... | | |
CVE-2017-1000449 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000450 | In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the i... | E | |
CVE-2017-1000451 | fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child... | S | |
CVE-2017-1000452 | An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Expr... | S | |
CVE-2017-1000453 | CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core mod... | | |
CVE-2017-1000454 | CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core component... | | |
CVE-2017-1000455 | GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectl... | S | |
CVE-2017-1000456 | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to over... | E S | |
CVE-2017-1000457 | Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote at... | S | |
CVE-2017-1000458 | Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing r... | | |
CVE-2017-1000459 | Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes... | E | |
CVE-2017-1000460 | In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), ... | E S | |
CVE-2017-1000461 | Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access c... | | |
CVE-2017-1000462 | BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page... | E | |
CVE-2017-1000463 | Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the e... | | |
CVE-2017-1000464 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000465 | Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the p... | | |
CVE-2017-1000466 | Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the i... | E | |
CVE-2017-1000467 | LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog c... | | |
CVE-2017-1000468 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2017-1000469 | Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" com... | E M | |
CVE-2017-1000470 | EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the H... | S | |
CVE-2017-1000471 | EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI han... | S | |
CVE-2017-1000472 | The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does... | E S | |
CVE-2017-1000473 | Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way m... | E S | |
CVE-2017-1000474 | Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL In... | E | |
CVE-2017-1000475 | FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch proc... | E | |
CVE-2017-1000476 | ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in co... | E S | |
CVE-2017-1000477 | XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.... | E | |
CVE-2017-1000478 | ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component... | E | |
CVE-2017-1000479 | pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resul... | E S | |
CVE-2017-1000480 | Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() funct... | | |
CVE-2017-1000481 | When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a '... | | |
CVE-2017-1000482 | A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile,... | | |
CVE-2017-1000483 | Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc... | | |
CVE-2017-1000484 | By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his... | | |
CVE-2017-1000485 | Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obta... | | |
CVE-2017-1000486 | Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution... | KEV E | |
CVE-2017-1000487 | Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process ... | S | |
CVE-2017-1000488 | Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a ... | E | |
CVE-2017-1000489 | Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still logi... | M | |
CVE-2017-1000490 | Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must b... | E | |
CVE-2017-1000491 | Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due... | S | |
CVE-2017-1000492 | Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled nod... | S | |
CVE-2017-1000493 | Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrato... | E S | |
CVE-2017-1000494 | Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd ... | E S | |
CVE-2017-1000495 | QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name fie... | E | |
CVE-2017-1000496 | Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resultin... | | |
CVE-2017-1000497 | Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in d... | | |
CVE-2017-1000498 | AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in deni... | | |
CVE-2017-1000499 | phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a... | E S | |
CVE-2017-1000500 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12161. Reason: This candid... | R | |
CVE-2017-1000501 | Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "confi... | S | |
CVE-2017-1000502 | Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an E... | | |
CVE-2017-1000503 | A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wr... | | |
CVE-2017-1000504 | A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wro... | | |
CVE-2017-1000505 | In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sand... | | |
CVE-2017-1000506 | Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's n... | E | |
CVE-2017-1000507 | Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details tha... | E | |
CVE-2017-1000508 | Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Clien... | S | |
CVE-2017-1000509 | Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that c... | E | |
CVE-2017-1000510 | Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name th... | E | |
CVE-2017-1000600 | WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that... | | |