CWE-417

Total CVEs: 12
Avg CVSS v3: 6.9 (Medium)
Avg CVSS v2: 5.1 (Medium)
Latest CVE: 2019

Severity Distribution

Critical: 3 (25%)
High: 4 (33.3%)
Medium: 3 (25%)
Low: 2 (16.7%)

All CVEs (12)

CVSS:9.8(Critical)

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice ...

CVSS:9.8(Critical)

October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server.

CVSS:9.1(Critical)

The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a den...

CVSS:7.8(High)

The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a...

CVSS:7.5(High)

Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.

CVSS:7.5(High)

On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.

CVSS:7.5(High)

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints...

CVSS:5.9(Medium)

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operat...

CVSS:5.9(Medium)

Abuse of communication channels vulnerability in the server in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows man-in-the-middle attackers to decrypt messages via an inadequate imple...

CVSS:5.3(Medium)

S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to...

CVSS:3.7(Low)

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick the...

CVSS:3.3(Low)

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they...