National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): CVE-2017-1150
There are 10 matching records.
Vuln ID Summary CVSS Severity
CVE-2017-11509

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

Published: March 28, 2018; 01:29:00 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2017-11507

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

Published: December 11, 2017; 11:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-11508

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.

Published: November 02, 2017; 01:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-11506

When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

Published: August 09, 2017; 08:29:00 AM -04:00
V3: 7.4 HIGH
V2: 5.8 MEDIUM
CVE-2017-11505

The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.

Published: July 21, 2017; 12:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 7.1 HIGH
CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

Published: July 20, 2017; 07:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-11502

Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.

Published: July 20, 2017; 07:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM
CVE-2017-11501

NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.

Published: July 20, 2017; 07:29:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-11500

A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.

Published: July 20, 2017; 06:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2017-1150

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

Published: March 08, 2017; 02:59:00 PM -05:00
V3: 3.1 LOW
V2: 3.5 LOW