CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5201 CVE-2017-10025 2017-08-08 2019-10-02
6.4
None Remote Low Not required Partial Partial None
Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N).
5202 CVE-2017-10001 2017-08-08 2019-10-02
6.0
None Remote Medium Single system Partial Partial Partial
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 1.7.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony First Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony First Edition accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Simphony First Edition. CVSS 3.0 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H).
5203 CVE-2017-9996 119 DoS Overflow 2017-06-28 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
5204 CVE-2017-9995 119 DoS Overflow 2017-06-28 2017-07-03
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
5205 CVE-2017-9994 119 DoS Overflow 2017-06-28 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.
5206 CVE-2017-9992 119 DoS Overflow 2017-06-28 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
5207 CVE-2017-9991 119 DoS Overflow 2017-06-28 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
5208 CVE-2017-9990 119 DoS Overflow 2017-06-28 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.
5209 CVE-2017-9949 787 DoS 2017-06-26 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.
5210 CVE-2017-9948 119 Overflow 2017-06-26 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.
5211 CVE-2017-9945 20 2017-08-30 2017-09-12
6.1
None Local Network Low Not required None None Complete
In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All versions < V2.1.3), a Denial-of-Service condition could be induced by a specially crafted PROFINET DCP packet sent as a local Ethernet (Layer 2) broadcast. The affected component requires a manual restart via the main device to recover.
5212 CVE-2017-9935 125 Exec Code Overflow Mem. Corr. 2017-06-26 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.
5213 CVE-2017-9930 352 CSRF 2017-07-21 2017-07-25
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.
5214 CVE-2017-9927 119 DoS Overflow 2017-07-05 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe."
5215 CVE-2017-9926 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b596."
5216 CVE-2017-9925 119 DoS Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
5217 CVE-2017-9924 119 DoS Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00000000_00400000+0x000000000001b72a."
5218 CVE-2017-9915 119 DoS Exec Code Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "Read Access Violation on Block Data Move starting at ntdll_77df0000!memcpy+0x0000000000000033."
5219 CVE-2017-9914 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."
5220 CVE-2017-9913 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!TpAllocCleanupGroup+0x00000000000003d7."
5221 CVE-2017-9912 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."
5222 CVE-2017-9911 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx+0x0000000000010e81."
5223 CVE-2017-9910 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to an "Error Code (0xc000041d) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
5224 CVE-2017-9909 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlAddAccessAllowedAce+0x000000000000027a."
5225 CVE-2017-9908 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at Xfpx+0x000000000000d6da."
5226 CVE-2017-9907 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Possible Stack Corruption starting at Xfpx!gffGetFormatInfo+0x0000000000022e1f."
5227 CVE-2017-9906 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at Xfpx!gffGetFormatInfo+0x0000000000028508."
5228 CVE-2017-9905 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatInfo+0x00000000000228e8."
5229 CVE-2017-9904 119 DoS Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."
5230 CVE-2017-9903 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx+0x00000000000117ff."
5231 CVE-2017-9902 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91."
5232 CVE-2017-9901 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls subsequent Write Address starting at Xfpx!gffGetFormatInfo+0x000000000002bfd5."
5233 CVE-2017-9900 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."
5234 CVE-2017-9899 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e388."
5235 CVE-2017-9898 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004cbb."
5236 CVE-2017-9897 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x000000000000dcab."
5237 CVE-2017-9896 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000013e8a."
5238 CVE-2017-9895 119 Exec Code Overflow 2017-07-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95."
5239 CVE-2017-9892 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x0000000000000393."
5240 CVE-2017-9891 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000007053."
5241 CVE-2017-9890 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at FPX+0x000000000000153a."
5242 CVE-2017-9889 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000003714."
5243 CVE-2017-9888 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0."
5244 CVE-2017-9887 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX+0x000000000000688d."
5245 CVE-2017-9886 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."
5246 CVE-2017-9885 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x0000000000006a98."
5247 CVE-2017-9884 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6."
5248 CVE-2017-9883 119 DoS Exec Code Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007216."
5249 CVE-2017-9882 119 DoS Exec Code Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Block Data Move starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b84f."
5250 CVE-2017-9881 119 DoS Exec Code Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014e7."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.