CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3501 CVE-2018-0003 399 DoS 2018-01-10 2018-10-25
6.1
None Local Network Low Not required None None Complete
A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue.
3502 CVE-2017-1002102 2018-03-13 2018-04-11
6.3
None Local Medium Not required None Complete Complete
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
3503 CVE-2017-1002026 89 Sql 2017-09-14 2019-07-31
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
3504 CVE-2017-1002025 89 Sql 2017-09-14 2017-09-21
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
3505 CVE-2017-1001004 20 Exec Code 2017-11-27 2017-12-20
6.8
None Remote Medium Not required Partial Partial Partial
typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
3506 CVE-2017-1000600 20 Exec Code 2018-09-06 2018-10-26
6.5
None Remote Low Single system Partial Partial Partial
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9
3507 CVE-2017-1000504 352 Exec Code CSRF 2018-01-24 2019-05-08
6.8
None Remote Medium Not required Partial Partial Partial
A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message but Cross-Site Request Forgery (CSRF) protection may not yet be effective.
3508 CVE-2017-1000503 362 Exec Code 2018-01-24 2018-02-12
6.8
None Remote Medium Not required Partial Partial Partial
A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default.
3509 CVE-2017-1000499 352 CSRF 2018-01-03 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
3510 CVE-2017-1000498 611 DoS Exec Code 2018-01-03 2018-01-17
6.8
None Remote Medium Not required Partial Partial Partial
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution
3511 CVE-2017-1000496 611 DoS Exec Code 2018-01-03 2018-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code.
3512 CVE-2017-1000489 287 2018-01-03 2018-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address
3513 CVE-2017-1000479 352 Exec Code CSRF 2018-01-03 2019-05-30
6.8
None Remote Medium Not required Partial Partial Partial
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.
3514 CVE-2017-1000456 119 Overflow 2018-01-02 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
3515 CVE-2017-1000452 91 2018-01-02 2018-01-17
6.0
None Remote Medium Single system Partial Partial Partial
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
3516 CVE-2017-1000450 190 DoS Exec Code Overflow 2018-01-02 2018-07-23
6.8
None Remote Medium Not required Partial Partial Partial
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
3517 CVE-2017-1000438 21 2018-01-02 2018-01-17
6.5
None Remote Low Single system Partial Partial Partial
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.
3518 CVE-2017-1000433 255 2018-01-02 2019-05-03
6.8
None Remote Medium Not required Partial Partial Partial
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
3519 CVE-2017-1000432 352 CSRF 2018-01-02 2018-01-17
6.0
None Remote Medium Single system Partial Partial Partial
Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access
3520 CVE-2017-1000422 190 Exec Code Overflow Mem. Corr. 2018-01-02 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
3521 CVE-2017-1000420 59 2018-01-02 2018-01-16
6.4
None Remote Low Not required None Partial Partial
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
3522 CVE-2017-1000418 119 DoS Overflow 2018-01-02 2018-01-18
6.8
None Remote Medium Not required Partial Partial Partial
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
3523 CVE-2017-1000409 119 Overflow 2018-01-31 2019-04-04
6.9
None Local Medium Not required Complete Complete Complete
A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
3524 CVE-2017-1000407 754 DoS 2017-12-11 2019-05-14
6.1
None Local Network Low Not required None None Complete
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
3525 CVE-2017-1000405 362 2017-11-30 2018-02-12
6.9
None Local Medium Not required Complete Complete Complete
The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()'s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original "Dirty cow" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.
3526 CVE-2017-1000403 264 2018-01-25 2018-02-15
6.5
None Remote Low Single system Partial Partial Partial
Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.
3527 CVE-2017-1000376 119 Exec Code Overflow 2017-06-19 2019-04-26
6.9
None Local Medium Not required Complete Complete Complete
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
3528 CVE-2017-1000373 400 Exec Code 2017-06-19 2017-10-23
6.4
None Remote Low Not required None Partial Partial
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
3529 CVE-2017-1000367 20 Exec Code 2017-06-05 2018-10-31
6.9
None Local Medium Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
3530 CVE-2017-1000364 119 Overflow Bypass 2017-06-19 2018-10-18
6.2
None Local High Not required Complete Complete Complete
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
3531 CVE-2017-1000356 352 2018-01-29 2018-02-15
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.
3532 CVE-2017-1000354 287 2018-01-29 2018-02-15
6.5
None Remote Low Single system Partial Partial Partial
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.
3533 CVE-2017-1000257 119 Overflow 2017-10-31 2018-11-13
6.4
None Remote Low Not required Partial None Partial
An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.
3534 CVE-2017-1000256 295 2017-10-31 2017-11-30
6.8
None Remote Medium Not required Partial Partial Partial
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
3535 CVE-2017-1000255 787 2017-10-30 2018-04-10
6.6
None Local Low Not required None Complete Complete
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been over written. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable.
3536 CVE-2017-1000244 352 CSRF 2017-11-01 2019-05-22
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
3537 CVE-2017-1000241 264 2017-11-16 2017-11-30
6.5
None Remote Low Single system Partial Partial Partial
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and modify information only accessible to administrators.
3538 CVE-2017-1000238 434 2017-11-16 2017-11-30
6.5
None Remote Low Single system Partial Partial Partial
InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver.
3539 CVE-2017-1000229 190 DoS Exec Code Overflow 2017-11-17 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
3540 CVE-2017-1000217 74 Exec Code 2017-11-17 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
3541 CVE-2017-1000208 17 Exec Code 2017-11-16 2017-12-08
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
3542 CVE-2017-1000207 17 Exec Code 2017-11-27 2017-12-08
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
3543 CVE-2017-1000195 74 2017-11-16 2017-11-30
6.4
None Remote Low Not required None Partial Partial
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
3544 CVE-2017-1000190 611 2017-11-17 2019-07-23
6.4
None Remote Low Not required Partial None Partial
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.
3545 CVE-2017-1000150 384 2017-11-03 2017-11-13
6.5
None Remote Low Single system Partial Partial Partial
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
3546 CVE-2017-1000148 94 Exec Code 2017-11-03 2017-11-13
6.5
None Remote Low Single system Partial Partial Partial
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
3547 CVE-2017-1000147 352 CSRF 2017-11-03 2017-11-15
6.0
None Remote Medium Single system Partial Partial Partial
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
3548 CVE-2017-1000141 640 2018-01-30 2018-06-13
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.
3549 CVE-2017-1000139 918 2017-11-03 2017-11-15
6.0
None Remote Medium Single system Partial Partial Partial
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
3550 CVE-2017-1000134 264 2017-11-03 2017-11-15
6.5
None Remote Low Single system Partial Partial Partial
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.