CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-20

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-7979 20 DoS 2017-04-19 2017-04-25
7.2
None Local Low Not required Complete Complete Complete
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.
2 CVE-2017-7892 20 Overflow 2017-04-17 2017-04-25
5.0
None Remote Low Not required None None Partial
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.
3 CVE-2017-7747 20 2017-04-12 2017-04-18
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.
4 CVE-2017-7703 20 2017-04-12 2017-04-18
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
5 CVE-2017-7692 20 Exec Code 2017-04-20 2017-04-27
9.0
None Remote Low Single system Complete Complete Complete
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting.
6 CVE-2017-7645 20 DoS 2017-04-18 2017-04-28
7.8
None Remote Low Not required None None Complete
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
7 CVE-2017-7613 20 DoS 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
8 CVE-2017-7609 20 DoS 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
9 CVE-2017-7606 20 DoS 2017-04-09 2017-04-13
4.3
None Remote Medium Not required None None Partial
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
10 CVE-2017-7604 20 DoS 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
11 CVE-2017-7601 20 DoS 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
12 CVE-2017-7600 20 DoS 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
13 CVE-2017-7599 20 DoS 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
14 CVE-2017-7597 20 DoS 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
15 CVE-2017-7596 20 DoS 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
16 CVE-2017-7592 20 DoS 2017-04-09 2017-04-13
6.8
None Remote Medium Not required Partial Partial Partial
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
17 CVE-2017-7456 20 DoS 2017-04-14 2017-04-20
5.0
None Remote Low Not required None None Partial
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
18 CVE-2017-7408 20 DoS 2017-04-14 2017-04-21
5.0
None Remote Low Not required None None Partial
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.
19 CVE-2017-7401 20 DoS 2017-04-03 2017-04-11
5.0
None Remote Low Not required None None Partial
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
20 CVE-2017-7394 20 2017-03-31 2017-04-04
5.0
None Remote Low Not required None None Partial
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.
21 CVE-2017-7346 20 DoS 2017-03-30 2017-04-04
4.9
None Local Low Not required None None Complete
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.
22 CVE-2017-7301 20 2017-03-29 2017-03-31
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an aout_link_add_symbols function in bfd/aoutx.h that has an off-by-one vulnerability because it does not carefully check the string offset. The vulnerability could lead to a GNU linker (ld) program crash.
23 CVE-2017-7283 20 Exec Code 2017-04-19 2017-04-24
9.0
None Remote Low Single system Complete Complete Complete
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php.
24 CVE-2017-7280 20 Exec Code 2017-04-12 2017-04-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable.
25 CVE-2017-7262 20 DoS 2017-03-24 2017-03-29
4.9
None Local Low Not required None None Complete
The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demonstrated by the Flops test suite.
26 CVE-2017-7261 20 DoS 2017-03-24 2017-03-28
4.9
None Local Low Not required None None Complete
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.
27 CVE-2017-7217 20 2017-04-14 2017-04-21
4.0
None Remote Low Single system None Partial None
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters.
28 CVE-2017-7183 20 DoS 2017-03-27 2017-03-31
5.0
None Remote Low Not required None None Partial
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
29 CVE-2017-6974 20 2017-04-01 2017-04-06
4.3
None Remote Medium Not required None Partial None
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the system-installation subsystem of the "System Integrity Protection" component. It allows attackers to modify the contents of a protected disk location via a crafted app.
30 CVE-2017-6961 20 2017-03-17 2017-03-20
4.3
None Remote Medium Not required None None Partial
An issue was discovered in apng2gif 1.7. There is improper sanitization of user input causing huge memory allocations, resulting in a crash. This is related to the read_chunk function using the pChunk->size value (within the PNG file) to determine the amount of memory to allocate.
31 CVE-2017-6955 20 2017-03-17 2017-03-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack.
32 CVE-2017-6837 20 DoS 2017-03-20 2017-04-04
4.3
None Remote Medium Not required None None Partial
WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.
33 CVE-2017-6815 20 2017-03-11 2017-03-14
5.8
None Remote Medium Not required Partial Partial None
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
34 CVE-2017-6619 20 Exec Code 2017-04-20 2017-04-26
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591.
35 CVE-2017-6616 20 Exec Code 2017-04-20 2017-04-26
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize specific values that are received as part of a user-supplied HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user on the affected system. Cisco Bug IDs: CSCvd14578.
36 CVE-2017-6505 20 DoS 2017-03-15 2017-03-17
2.1
None Local Low Not required None None Partial
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors.
37 CVE-2017-6504 20 2017-03-05 2017-03-07
4.3
None Remote Medium Not required None Partial None
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.
38 CVE-2017-6498 20 2017-03-05 2017-03-07
4.3
None Remote Medium Not required None None Partial
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
39 CVE-2017-6473 20 2017-03-03 2017-03-14
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets.
40 CVE-2017-6472 20 2017-03-03 2017-03-14
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value.
41 CVE-2017-6471 20 2017-03-03 2017-03-14
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length.
42 CVE-2017-6469 20 2017-03-03 2017-03-14
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure.
43 CVE-2017-6468 20 2017-03-03 2017-03-14
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records.
44 CVE-2017-6467 20 2017-03-03 2017-03-14
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size.
45 CVE-2017-6466 20 2017-03-11 2017-03-14
9.3
None Remote Medium Not required Complete Complete Complete
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When running in manual mode (default), no signature check is performed.
46 CVE-2017-6464 20 DoS 2017-03-27 2017-03-29
4.0
None Remote Low Single system None None Partial
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
47 CVE-2017-6463 20 DoS 2017-03-27 2017-03-29
4.0
None Remote Low Single system None None Partial
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
48 CVE-2017-6367 20 2017-03-14 2017-03-16
5.0
None Remote Low Not required None None Partial
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
49 CVE-2017-6345 20 DoS 2017-03-01 2017-03-03
4.6
None Local Low Not required Partial Partial Partial
The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.
50 CVE-2017-6181 20 DoS 2017-04-03 2017-04-11
5.0
None Remote Low Not required None None Partial
The parse_char_class function in regparse.c in the Onigmo (aka Oniguruma-mod) regular expression library, as used in Ruby 2.4.0, allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted regular expression.
Total number of vulnerabilities : 4419   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.