CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-20

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000368 20 Exec Code 2017-06-05 2017-06-08
7.2
None Local Low Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
2 CVE-2017-1000367 20 Exec Code 2017-06-05 2017-06-09
6.9
None Local Medium Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
3 CVE-2017-9501 20 DoS 2017-06-07 2017-06-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
4 CVE-2017-9500 20 DoS 2017-06-07 2017-06-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.
5 CVE-2017-9499 20 DoS 2017-06-07 2017-06-12
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
6 CVE-2017-9375 20 DoS 2017-06-16 2017-06-20
1.9
None Local Medium Not required None None Partial
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
7 CVE-2017-9354 20 2017-06-02 2017-06-06
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
8 CVE-2017-9353 20 2017-06-02 2017-06-06
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
9 CVE-2017-9334 20 DoS Bypass 2017-06-01 2017-06-09
5.0
None Remote Low Not required None None Partial
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.
10 CVE-2017-9330 20 DoS 2017-06-08 2017-06-13
1.9
None Local Medium Not required None None Partial
QEMU (aka Quick Emulator), when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value.
11 CVE-2017-9310 20 DoS 2017-06-08 2017-06-13
1.9
None Local Medium Not required None None Partial
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
12 CVE-2017-9303 20 2017-05-29 2017-06-08
5.8
None Remote Medium Not required Partial Partial None
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
13 CVE-2017-9263 20 2017-05-29 2017-06-07
3.3
None Local Network Low Not required None None Partial
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
14 CVE-2017-9242 20 DoS 2017-05-26 2017-05-31
4.9
None Local Low Not required None None Complete
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
15 CVE-2017-9217 20 DoS 2017-05-24 2017-06-06
5.0
None Remote Low Not required None None Partial
systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.
16 CVE-2017-9212 20 2017-05-23 2017-06-07
7.8
None Remote Low Not required None None Complete
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
17 CVE-2017-9188 20 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63.
18 CVE-2017-9144 20 2017-05-22 2017-05-26
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
19 CVE-2017-9142 20 2017-05-22 2017-05-31
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
20 CVE-2017-9141 20 2017-05-22 2017-05-26
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
21 CVE-2017-9131 20 Exec Code 2017-05-21 2017-05-26
5.0
None Remote Low Not required None None Partial
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka "unauthenticated remote command execution." This command can be re-sent endlessly to act as a DoS attack on the client.
22 CVE-2017-9094 20 DoS 2017-05-19 2017-06-01
4.3
None Remote Medium Not required None None Partial
The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
23 CVE-2017-9093 20 DoS 2017-05-19 2017-05-24
4.3
None Remote Medium Not required None None Partial
The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
24 CVE-2017-9091 20 Bypass 2017-05-19 2017-05-24
5.0
None Remote Low Not required None Partial None
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].
25 CVE-2017-9090 20 Bypass 2017-05-19 2017-05-24
5.0
None Remote Low Not required None Partial None
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].
26 CVE-2017-9065 20 2017-05-18 2017-05-23
5.0
None Remote Low Not required None Partial None
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
27 CVE-2017-9046 20 Exec Code 2017-05-21 2017-06-02
4.4
None Local Medium Not required Partial Partial Partial
winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.
28 CVE-2017-9043 20 DoS 2017-05-17 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
29 CVE-2017-9034 20 Exec Code 2017-05-25 2017-06-01
10.0
None Remote Low Not required Complete Complete Complete
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.
30 CVE-2017-9022 20 DoS 2017-06-08 2017-06-21
5.0
None Remote Low Not required None None Partial
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
31 CVE-2017-8934 20 DoS 2017-05-15 2017-05-22
2.1
None Local Low Not required None None Partial
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).
32 CVE-2017-8933 20 DoS 2017-05-15 2017-05-22
2.1
None Local Low Not required None None Partial
Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).
33 CVE-2017-8923 20 DoS 2017-05-12 2017-05-24
7.5
None Remote Low Not required Partial Partial Partial
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
34 CVE-2017-8915 20 DoS 2017-05-23 2017-06-08
5.0
None Remote Low Not required None None Partial
sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to cause a denial of service (assertion failure and service crash) by pushing a package with a filename containing a $ (dollar sign) or % (percent) character, aka SAP Security Note 2407694.
35 CVE-2017-8849 20 +Priv 2017-05-17 2017-05-31
7.2
None Local Low Not required Complete Complete Complete
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
36 CVE-2017-8555 20 Bypass 2017-06-14 2017-06-21
4.3
None Remote Medium Not required None Partial None
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.
37 CVE-2017-8550 20 Exec Code 2017-06-14 2017-06-27
8.5
None Remote Medium Single system Complete Complete Complete
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
38 CVE-2017-8545 20 2017-06-14 2017-06-27
4.3
None Remote Medium Not required None Partial None
A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability".
39 CVE-2017-8396 20 2017-05-01 2017-05-11
5.0
None Remote Low Not required None None Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read of size 1 because the existing reloc offset range tests didn't catch small negative offsets less than the size of the reloc field. This vulnerability causes programs that conduct an analysis of binary programs using the libbfd library, such as objdump, to crash.
40 CVE-2017-8372 20 DoS 2017-04-30 2017-05-11
2.6
None Remote High Not required None None Partial
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.
41 CVE-2017-8288 20 Exec Code 2017-04-26 2017-05-10
6.8
None Remote Medium Not required Partial Partial Partial
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.
42 CVE-2017-8219 20 2017-04-25 2017-05-09
4.0
None Remote Low Single system None None Partial
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI.
43 CVE-2017-7979 20 DoS 2017-04-19 2017-04-25
7.2
None Local Low Not required Complete Complete Complete
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denial of service (uninitialized memory access and refcount underflow, and system hang or crash) or possibly have unspecified other impact via "tc filter add" commands in certain contexts. NOTE: this does not affect stable kernels, such as 4.10.x, from kernel.org.
44 CVE-2017-7957 20 2017-04-29 2017-05-09
5.0
None Remote Low Not required None None Partial
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML("<void/>") call.
45 CVE-2017-7892 20 Overflow 2017-04-17 2017-04-25
5.0
None Remote Low Not required None None Partial
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.
46 CVE-2017-7747 20 2017-04-12 2017-04-18
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree.
47 CVE-2017-7721 20 2017-04-30 2017-05-11
2.6
None Remote High Not required None None Partial
IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file.
48 CVE-2017-7703 20 2017-04-12 2017-04-18
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
49 CVE-2017-7692 20 Exec Code 2017-04-20 2017-05-01
9.0
None Remote Low Single system Complete Complete Complete
SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in -f$envelopefrom within the sendmail command line. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting.
50 CVE-2017-7676 20 2017-06-14 2017-06-19
7.5
None Remote Low Not required Partial Partial Partial
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.
Total number of vulnerabilities : 4547   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.