CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9551 CVE-2017-15296 352 CSRF 2017-10-16 2018-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
9552 CVE-2017-15285 20 Exec Code 2017-10-12 2017-11-03
6.5
None Remote Low ??? Partial Partial Partial
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.
9553 CVE-2017-15281 119 DoS Overflow 2017-10-12 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
9554 CVE-2017-15276 22 +Priv Dir. Trav. 2017-10-13 2017-11-03
6.5
None Remote Low ??? Partial Partial Partial
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
9555 CVE-2017-15265 362 DoS 2017-10-16 2020-07-15
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
9556 CVE-2017-15264 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4."
9557 CVE-2017-15263 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4."
9558 CVE-2017-15262 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c."
9559 CVE-2017-15261 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35."
9560 CVE-2017-15260 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59."
9561 CVE-2017-15259 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a."
9562 CVE-2017-15258 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c."
9563 CVE-2017-15257 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a."
9564 CVE-2017-15256 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8."
9565 CVE-2017-15255 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0."
9566 CVE-2017-15254 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5."
9567 CVE-2017-15253 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2."
9568 CVE-2017-15252 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb."
9569 CVE-2017-15251 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326."
9570 CVE-2017-15250 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19."
9571 CVE-2017-15249 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6."
9572 CVE-2017-15248 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6."
9573 CVE-2017-15247 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1."
9574 CVE-2017-15246 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b."
9575 CVE-2017-15245 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76."
9576 CVE-2017-15244 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
9577 CVE-2017-15243 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4."
9578 CVE-2017-15242 119 DoS Exec Code Overflow 2017-10-11 2017-10-27
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe."
9579 CVE-2017-15241 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."
9580 CVE-2017-15240 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef."
9581 CVE-2017-15239 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4."
9582 CVE-2017-15238 416 2017-10-11 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
9583 CVE-2017-15221 119 Overflow 2017-10-16 2020-03-10
6.8
None Remote Medium Not required Partial Partial Partial
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
9584 CVE-2017-15102 476 +Priv 2017-11-15 2019-05-08
6.9
None Local Medium Not required Complete Complete Complete
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference.
9585 CVE-2017-15089 502 2018-02-15 2019-06-04
6.5
None Remote Low ??? Partial Partial Partial
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.
9586 CVE-2017-15063 352 CSRF 2017-10-06 2018-11-08
6.8
None Remote Medium Not required Partial Partial Partial
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.
9587 CVE-2017-15056 476 DoS 2017-10-06 2017-11-01
6.8
None Remote Medium Not required Partial Partial Partial
p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().
9588 CVE-2017-15055 269 2017-11-27 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the "item_id" parameter when invoking "copy_item" on items.queries.php.
9589 CVE-2017-15054 434 Exec Code 2017-11-27 2017-12-07
6.5
None Remote Low ??? Partial Partial Partial
An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server.
9590 CVE-2017-15048 119 Exec Code Overflow 2017-12-19 2021-05-14
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
9591 CVE-2017-15044 +Priv Bypass 2017-11-21 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface.
9592 CVE-2017-15037 362 2017-10-05 2017-10-13
6.8
None Remote Medium Not required Partial Partial Partial
In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.
9593 CVE-2017-15020 125 DoS 2017-10-05 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.
9594 CVE-2017-15019 476 2017-10-05 2017-10-12
6.8
None Remote Medium Not required Partial Partial Partial
LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call.
9595 CVE-2017-15017 476 2017-10-05 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.
9596 CVE-2017-15016 476 2017-10-05 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.
9597 CVE-2017-15015 476 2017-10-05 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.
9598 CVE-2017-15013 269 +Priv 2017-10-13 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges.
9599 CVE-2017-15012 20 2017-10-13 2017-11-03
6.5
None Remote Low ??? Partial Partial Partial
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
9600 CVE-2017-14958 434 Exec Code 2017-10-02 2017-10-06
6.5
None Remote Low ??? Partial Partial Partial
lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.
Total number of vulnerabilities : 22306   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 (This Page)193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.