LiveActive security incident?Get immediate response
CVE archive

February 2017

Browse CVE records published in February 2017, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 872 matching CVEs · Page 3 of 18.

Unknown · CVSS Not scored

CVE-2017-14177: Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to crea...

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.

Published Feb 2, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2017-6229: Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmwa...

Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and Ruckus Networks Zone Director firmware releases 10.1.0.0.x, 9.10.2.0.x, 9.12.3.0.x, 9.13.3.0.x, 10.0.1.0.x or before contain authenticated Root Command Injection in the CLI that could allow authenticated valid users to execute privileged commands on the respective systems.

Published Feb 14, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2017-13238: In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has p...

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.

Published Feb 12, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2017-13232: In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not...

In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.

Published Feb 12, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2017-18035: The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible...

The /rest/review-coverage-chart/1.0/data/<repository_name>/.json resource in Atlassian Fisheye and Crucible before version 4.5.1 and 4.6.0 was missing a permissions check, this allows remote attackers who do not have access to a particular repository to determine its existence and access review coverage statistics for it.

Published Feb 2, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2017-1604: IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting.

IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132851.

Published Feb 21, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2017-15095: A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which co...

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Published Feb 6, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2017-16861: It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in...

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.

Published Feb 1, 2018 · Updated Sep 16, 2024