CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8751 CVE-2017-18080 352 CSRF 2018-02-02 2018-02-13
6.8
None Remote Medium Not required Partial Partial Partial
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
8752 CVE-2017-18105 384 2019-03-29 2019-04-01
6.8
None Remote Medium Not required Partial Partial Partial
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
8753 CVE-2017-18120 415 2018-02-02 2018-02-14
6.8
None Remote Medium Not required Partial Partial Partial
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.
8754 CVE-2017-18122 347 Bypass 2018-02-02 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
8755 CVE-2017-18198 125 DoS 2018-02-24 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
8756 CVE-2017-18205 476 2018-02-27 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
8757 CVE-2017-18209 476 2018-03-01 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
8758 CVE-2017-18220 416 DoS 2018-03-05 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
8759 CVE-2017-18223 287 2018-03-10 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
8760 CVE-2017-18234 416 DoS 2018-03-15 2019-08-06
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.
8761 CVE-2017-18266 74 2018-05-10 2018-06-14
6.8
None Remote Medium Not required Partial Partial Partial
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
8762 CVE-2017-18366 352 CSRF 2019-04-15 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
Subrion CMS 4.1.5 has CSRF in blog/delete/.
8763 CVE-2017-18474 200 +Info 2019-08-05 2019-08-12
6.8
None Remote Low Single system Complete None None
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
8764 CVE-2017-18504 352 CSRF 2019-08-12 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
8765 CVE-2017-18510 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
8766 CVE-2017-18511 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
8767 CVE-2017-18512 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
8768 CVE-2017-18513 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
8769 CVE-2017-18521 352 CSRF 2019-08-21 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
8770 CVE-2017-18523 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
8771 CVE-2017-18544 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
8772 CVE-2017-18546 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
8773 CVE-2017-18547 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
8774 CVE-2017-18569 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
8775 CVE-2017-18607 352 CSRF 2019-09-10 2019-09-10
6.8
None Remote Medium Not required Partial Partial Partial
The avada theme before 5.1.5 for WordPress has CSRF.
8776 CVE-2017-1000008 352 CSRF 2017-07-17 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
8777 CVE-2017-1000010 427 Exec Code 2017-07-17 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution
8778 CVE-2017-1000045 352 Bypass CSRF 2017-07-17 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking
8779 CVE-2017-1000053 502 Exec Code 2017-07-17 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
8780 CVE-2017-1000069 352 CSRF 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
8781 CVE-2017-1000071 287 Bypass 2017-07-17 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
8782 CVE-2017-1000083 Exec Code 2017-09-05 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
8783 CVE-2017-1000090 352 CSRF 2017-10-04 2017-11-02
6.8
None Remote Medium Not required Partial Partial Partial
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.
8784 CVE-2017-1000091 352 CSRF 2017-10-04 2017-10-17
6.8
None Remote Medium Not required Partial Partial Partial
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.
8785 CVE-2017-1000093 352 CSRF 2017-10-04 2017-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.
8786 CVE-2017-1000117 601 2017-10-04 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
8787 CVE-2017-1000207 502 Exec Code 2017-11-27 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
8788 CVE-2017-1000208 502 Exec Code 2017-11-16 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects the 'generate' and 'validate' command in swagger-codegen (<= 2.2.2) and can lead to arbitrary code being executed when these commands are used on a well-crafted yaml specification.
8789 CVE-2017-1000217 74 Exec Code 2017-11-17 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0.
8790 CVE-2017-1000229 190 DoS Exec Code Overflow 2017-11-17 2019-05-06
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
8791 CVE-2017-1000244 352 CSRF 2017-11-01 2019-05-22
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
8792 CVE-2017-1000256 295 2017-10-31 2019-09-26
6.8
None Remote Medium Not required Partial Partial Partial
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.
8793 CVE-2017-1000356 352 2018-01-29 2018-02-15
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.
8794 CVE-2017-1000418 119 DoS Overflow 2018-01-02 2018-01-18
6.8
None Remote Medium Not required Partial Partial Partial
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
8795 CVE-2017-1000422 190 Exec Code Overflow Mem. Corr. 2018-01-02 2019-05-02
6.8
None Remote Medium Not required Partial Partial Partial
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
8796 CVE-2017-1000433 287 2018-01-02 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.
8797 CVE-2017-1000450 190 DoS Exec Code Overflow 2018-01-02 2018-07-23
6.8
None Remote Medium Not required Partial Partial Partial
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
8798 CVE-2017-1000456 119 Overflow 2018-01-02 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
8799 CVE-2017-1000479 352 Exec Code CSRF 2018-01-03 2019-05-30
6.8
None Remote Medium Not required Partial Partial Partial
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under "possibly insecure" suspicions.
8800 CVE-2017-1000489 287 2018-01-03 2018-01-16
6.8
None Remote Medium Not required Partial Partial Partial
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.