CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-20

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000368 20 Exec Code 2017-06-05 2017-06-08
7.2
None Local Low Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
2 CVE-2017-1000367 20 Exec Code 2017-06-05 2017-08-12
6.9
None Local Medium Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
3 CVE-2017-1000082 20 2017-07-07 2017-07-22
10.0
Admin Remote Low Not required Complete Complete Complete
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
4 CVE-2017-1000048 20 2017-07-17 2017-08-04
5.0
None Remote Low Not required None None Partial
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.
5 CVE-2017-1000039 20 Exec Code 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution
6 CVE-2017-1000018 20 2017-07-17 2017-07-19
5.0
None Remote Low Not required None None Partial
phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name
7 CVE-2017-1000016 20 2017-07-17 2017-07-26
5.0
None Remote Low Not required None Partial None
A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.
8 CVE-2017-1000014 20 2017-07-17 2017-07-19
5.0
None Remote Low Not required None None Partial
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality
9 CVE-2017-1000001 20 2017-07-17 2017-07-26
5.0
None Remote Low Not required None Partial None
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.
10 CVE-2017-13061 20 DoS 2017-08-22 2017-08-22
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.
11 CVE-2017-12961 20 DoS 2017-08-18 2017-08-21
5.0
None Remote Low Not required None None Partial
There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service.
12 CVE-2017-12960 20 DoS 2017-08-18 2017-08-21
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service.
13 CVE-2017-12959 20 DoS 2017-08-18 2017-08-21
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack.
14 CVE-2017-12670 20 DoS 2017-08-07 2017-08-11
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
15 CVE-2017-12587 20 2017-08-06 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
16 CVE-2017-12434 20 DoS 2017-08-04 2017-08-04
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
17 CVE-2017-12145 20 DoS 2017-08-02 2017-08-03
4.3
None Remote Medium Not required None None Partial
In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.
18 CVE-2017-12143 20 DoS 2017-08-02 2017-08-03
4.3
None Remote Medium Not required None None Partial
In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.
19 CVE-2017-11692 20 DoS 2017-07-30 2017-08-15
5.0
None Remote Low Not required None None Partial
The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.
20 CVE-2017-11673 20 DoS Exec Code 2017-07-27 2017-08-09
7.5
None Remote Low Not required Partial Partial Partial
Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."
21 CVE-2017-11665 20 DoS 2017-07-27 2017-08-04
5.0
None Remote Low Not required None None Partial
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream.
22 CVE-2017-11638 20 2017-07-26 2017-07-31
6.8
None Remote Medium Not required Partial Partial Partial
GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642.
23 CVE-2017-11613 20 DoS 2017-07-26 2017-07-31
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.
24 CVE-2017-11555 20 DoS 2017-07-22 2017-07-28
5.0
None Remote Low Not required None None Partial
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
25 CVE-2017-11553 20 DoS 2017-07-22 2017-07-28
5.0
None Remote Low Not required None None Partial
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.
26 CVE-2017-11545 20 2017-07-22 2017-07-27
5.0
None Remote Low Not required None None Partial
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34.
27 CVE-2017-11544 20 2017-07-22 2017-07-27
5.0
None Remote Low Not required None None Partial
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3.
28 CVE-2017-11524 20 DoS 2017-07-22 2017-07-26
4.3
None Remote Medium Not required None None Partial
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
29 CVE-2017-11499 20 2017-07-25 2017-07-31
5.0
None Remote Low Not required None None Partial
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
30 CVE-2017-11495 20 Exec Code 2017-07-20 2017-08-15
9.0
None Remote Low Not required Partial Partial Complete
PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated access to this script to trigger a reboot via an ifType=reboot action.
31 CVE-2017-11450 20 DoS 2017-07-19 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
32 CVE-2017-11449 20 DoS 2017-07-19 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
33 CVE-2017-11408 20 2017-07-18 2017-07-22
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection.
34 CVE-2017-11407 20 2017-07-18 2017-07-22
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt.
35 CVE-2017-11394 20 Exec Code 2017-08-03 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
36 CVE-2017-11393 20 Exec Code 2017-08-03 2017-08-05
10.0
None Remote Low Not required Complete Complete Complete
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
37 CVE-2017-11360 20 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None None Partial
The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.
38 CVE-2017-11352 20 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None None Partial
In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9144.
39 CVE-2017-11346 20 Exec Code 2017-07-17 2017-08-11
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Desktop Central before build 100092 allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
40 CVE-2017-11342 20 DoS 2017-07-17 2017-07-19
5.0
None Remote Low Not required None None Partial
There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.
41 CVE-2017-11340 20 DoS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None None Partial
There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack.
42 CVE-2017-11338 20 DoS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None None Partial
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
43 CVE-2017-11183 20 2017-07-28 2017-08-07
5.5
None Remote Low Single system None Partial Partial
front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.
44 CVE-2017-11112 20 DoS 2017-07-08 2017-07-13
5.0
None Remote Low Not required None None Partial
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
45 CVE-2017-11102 20 DoS 2017-07-07 2017-07-12
5.0
None Remote Low Not required None None Partial
The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure.
46 CVE-2017-11099 20 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.
47 CVE-2017-11098 20 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.
48 CVE-2017-10993 20 Dir. Trav. 2017-07-21 2017-07-26
6.5
None Remote Low Single system Partial Partial Partial
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
49 CVE-2017-10923 20 DoS 2017-07-04 2017-08-21
5.0
None Remote Low Not required None None Partial
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.
50 CVE-2017-10918 20 2017-07-04 2017-08-21
10.0
None Remote Low Not required Complete Complete Complete
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
Total number of vulnerabilities : 4698   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.