CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-20

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1002012 20 2017-09-14 2017-09-20
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
2 CVE-2017-1002005 20 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
3 CVE-2017-1002004 20 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
4 CVE-2017-1000368 20 Exec Code 2017-06-05 2017-10-09
7.2
None Local Low Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
5 CVE-2017-1000367 20 Exec Code 2017-06-05 2017-08-12
6.9
None Local Medium Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
6 CVE-2017-1000252 20 DoS 2017-09-26 2017-09-28
2.1
None Local Low Not required None None Partial
The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.
7 CVE-2017-1000082 20 2017-07-07 2017-07-22
10.0
Admin Remote Low Not required Complete Complete Complete
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
8 CVE-2017-1000048 20 2017-07-17 2017-08-04
5.0
None Remote Low Not required None None Partial
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash.
9 CVE-2017-1000039 20 Exec Code 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution
10 CVE-2017-1000018 20 2017-07-17 2017-07-19
5.0
None Remote Low Not required None None Partial
phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name
11 CVE-2017-1000016 20 2017-07-17 2017-07-26
5.0
None Remote Low Not required None Partial None
A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.
12 CVE-2017-1000014 20 2017-07-17 2017-07-19
5.0
None Remote Low Not required None None Partial
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality
13 CVE-2017-1000001 20 2017-07-17 2017-07-26
5.0
None Remote Low Not required None Partial None
FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on.
14 CVE-2017-15024 20 DoS 2017-10-04 2017-10-11
4.3
None Remote Medium Not required None None Partial
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
15 CVE-2017-15012 20 2017-10-13 2017-10-19
6.5
None Remote Low Single system Partial Partial Partial
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
16 CVE-2017-14944 20 2017-09-29 2017-10-11
5.0
None Remote Low Not required None Partial None
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
17 CVE-2017-14935 20 +Info 2017-09-29 2017-10-06
5.0
None Remote Low Not required Partial None None
Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.
18 CVE-2017-14933 20 DoS 2017-09-29 2017-10-10
4.3
None Remote Medium Not required None None Partial
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
19 CVE-2017-14932 20 DoS 2017-09-29 2017-10-03
4.3
None Remote Medium Not required None None Partial
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
20 CVE-2017-14867 20 Exec Code 2017-09-28 2017-10-11
9.0
None Remote Low Single system Complete Complete Complete
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
21 CVE-2017-14771 20 2017-10-02 2017-10-11
3.6
None Local Low Not required None Partial Partial
Skybox Manager Client Application prior to 8.5.501 is prone to an arbitrary file upload vulnerability due to insufficient input validation of user-supplied files path when uploading files via the application. During a debugger-pause state, a local authenticated attacker can upload an arbitrary file and overwrite existing files within the scope of the affected application.
22 CVE-2017-14741 20 DoS 2017-09-25 2017-09-28
4.3
None Remote Medium Not required None None Partial
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
23 CVE-2017-14650 20 Exec Code 2017-09-21 2017-10-05
6.8
None Remote Medium Not required Partial Partial Partial
A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line.
24 CVE-2017-14649 20 DoS 2017-09-21 2017-09-26
4.3
None Remote Medium Not required None None Partial
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
25 CVE-2017-14617 20 2017-09-20 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
26 CVE-2017-14604 20 Exec Code 2017-09-20 2017-10-05
4.0
None Remote Low Single system None Partial None
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
27 CVE-2017-14520 20 2017-09-17 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
28 CVE-2017-14518 20 2017-09-17 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
29 CVE-2017-14511 20 Bypass 2017-09-17 2017-09-28
5.0
None Remote Low Not required None None Partial
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798.
30 CVE-2017-14509 20 File Inclusion 2017-09-17 2017-09-22
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.
31 CVE-2017-14489 20 DoS 2017-09-15 2017-10-04
4.9
None Local Low Not required None None Complete
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
32 CVE-2017-14430 20 DoS 2017-09-13 2017-09-20
5.0
None Remote Low Not required None None Partial
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.
33 CVE-2017-14344 20 Exec Code Overflow 2017-09-12 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
34 CVE-2017-14335 20 2017-09-12 2017-09-28
5.0
None Remote Low Not required None Partial None
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
35 CVE-2017-14320 20 Exec Code 2017-09-21 2017-10-04
6.0
None Remote Medium Single system Partial Partial Partial
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.
36 CVE-2017-14231 20 DoS 2017-09-10 2017-09-19
5.0
None Remote Low Not required None None Partial
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php.
37 CVE-2017-14230 20 DoS +Info 2017-09-10 2017-09-21
6.4
None Remote Low Not required Partial None Partial
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command.
38 CVE-2017-14169 20 Bypass 2017-09-07 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg 3.3.3, an integer signedness error might occur when a crafted file, which claims a large "item_num" field such as 0xffffffff, is provided. As a result, the variable "item_num" turns negative, bypassing the check for a large value.
39 CVE-2017-14105 20 Exec Code 2017-09-01 2017-09-13
7.2
None Local Low Not required Complete Complete Complete
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface).
40 CVE-2017-14098 20 2017-09-02 2017-09-14
5.0
None Remote Low Not required None None Partial
In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.
41 CVE-2017-14087 20 2017-10-05 2017-10-13
5.0
None Remote Low Not required None Partial None
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
42 CVE-2017-14063 20 2017-08-31 2017-09-13
5.0
None Remote Low Not required None Partial None
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.
43 CVE-2017-13753 20 DoS 2017-08-29 2017-08-29
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function JPC_NOMINALGAIN() in jpc/jpc_t1cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
44 CVE-2017-13752 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
45 CVE-2017-13751 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
46 CVE-2017-13750 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
47 CVE-2017-13749 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
48 CVE-2017-13748 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack.
49 CVE-2017-13747 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
50 CVE-2017-13746 20 DoS 2017-08-29 2017-08-30
5.0
None Remote Low Not required None None Partial
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
Total number of vulnerabilities : 4861   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.