CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2017-7286 Overflow 2017-04-10 2017-04-12
0.0
None ??? ??? ??? ??? ??? ???
The Linux kernel package 3.16.0-28 on Ubuntu 14.04 LTS mishandles a series of mmap system calls for /dev/zero with different starting addresses, with a stated impact of "allowing for a local user to possibly gain root access," aka an "inode integer overflow."
1102 CVE-2017-6925 2019-01-15 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
1103 CVE-2017-6924 2019-01-15 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
In Drupal 8 prior to 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module enabled, the comment entity REST resource enabled, and where an attacker can access a user account on the site with permissions to post comments, or where anonymous users can post comments.
1104 CVE-2017-6923 2019-01-22 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access restrictions on the view. It is best practice to always include some form of access restrictions on all views, even if you are using another module to display them.
1105 CVE-2017-6922 Bypass 2019-01-22 2019-01-23
0.0
None ??? ??? ??? ??? ??? ???
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.
1106 CVE-2017-6921 2019-01-15 2019-01-16
0.0
None ??? ??? ??? ??? ??? ???
In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.
1107 CVE-2017-5716 DoS Exec Code Overflow 2017-09-05 2017-09-05
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in ConnMan Project connection manager daemon version 1.34 and earlier allows a remote attacker to conduct a denial of service and remote code execution via malformed DNS packets.
1108 CVE-2017-3718 2019-01-10 2019-01-10
0.0
None ??? ??? ??? ??? ??? ???
Improper setting of device configuration in system firmware for Intel(R) NUC kits may allow a privileged user to potentially enable escalation of privilege via physical access.
1109 CVE-2017-3145 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
1110 CVE-2017-3144 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.
1111 CVE-2017-3143 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
1112 CVE-2017-3142 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
1113 CVE-2017-3141 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
1114 CVE-2017-3140 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
1115 CVE-2017-3138 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
1116 CVE-2017-3137 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
1117 CVE-2017-3136 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
1118 CVE-2017-3135 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
1119 CVE-2017-1298 DoS 2017-04-28 2017-04-28
0.0
None ??? ??? ??? ??? ??? ???
A denial of service vulnerability has been discovered in 40-GbE network interface modules for IBM Security Network Protection XGS 7100 appliance. IBM X-Force ID: 125160.
1120 CVE-2016-10904 Sql 2019-08-16 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
The olimometer plugin before 2.57 for WordPress has SQL injection.
1121 CVE-2016-10894 2019-08-15 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).
1122 CVE-2016-10888 Sql 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues.
1123 CVE-2016-10887 Sql 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPress has multiple SQL injection issues.
1124 CVE-2016-10886 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.
1125 CVE-2016-10885 CSRF 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
1126 CVE-2016-10884 CSRF 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
1127 CVE-2016-10883 CSRF 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF for deleting users.
1128 CVE-2016-10882 CSRF 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
1129 CVE-2016-10881 XSS 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The google-document-embedder plugin before 2.6.2 for WordPress has XSS.
1130 CVE-2016-10880 XSS 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The google-document-embedder plugin before 2.6.1 for WordPress has XSS.
1131 CVE-2016-10864 XSS 2019-08-08 2019-08-08
0.0
None ??? ??? ??? ??? ??? ???
NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.
1132 CVE-2016-10545 Exec Code 2018-07-05 2018-07-05
0.0
None ??? ??? ??? ??? ??? ???
thor ruby gem suffers from a command injection vulnerability due to the use of `open-uri`'s open() as used in Thor::Actions#get, allowing for execution of system commands.
1133 CVE-2016-9778 2019-01-16 2019-01-17
0.0
None ??? ??? ??? ??? ??? ???
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.
1134 CVE-2016-6328 Overflow 2018-10-31 2018-10-31
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
1135 CVE-2016-5402 Exec Code 2018-10-31 2018-11-01
0.0
None ??? ??? ??? ??? ??? ???
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
1136 CVE-2016-2125 2018-10-31 2018-11-01
0.0
None ??? ??? ??? ??? ??? ???
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.
1137 CVE-2016-2123 Mem. Corr. 2018-11-01 2018-11-02
0.0
None ??? ??? ??? ??? ??? ???
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
1138 CVE-2016-2121 2018-10-31 2018-11-01
0.0
None ??? ??? ??? ??? ??? ???
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.
1139 CVE-2016-2120 Overflow 2018-11-01 2018-11-02
0.0
None ??? ??? ??? ??? ??? ???
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
1140 CVE-2016-0260 DoS 2016-06-28 2016-06-28
0.0
None ??? ??? ??? ??? ??? ???
Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before 8.0.0.5 allows remote attackers to cause a denial of service (heap memory consumption) by triggering many errors.
1141 CVE-2015-9326 Sql 2019-08-16 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
The wp-business-intelligence-lite plugin before 1.6.3 for WordPress has SQL injection.
1142 CVE-2015-9325 Sql 2019-08-16 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
The visitors-online plugin before 0.4 for WordPress has SQL injection.
1143 CVE-2015-9324 Sql 2019-08-16 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
1144 CVE-2015-9323 Sql 2019-08-16 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.
1145 CVE-2015-9322 CSRF 2019-08-16 2019-08-16
0.0
None ??? ??? ??? ??? ??? ???
The erident-custom-login-and-dashboard plugin before 3.5 for WordPress has CSRF.
1146 CVE-2015-9316 Sql 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.
1147 CVE-2015-9310 Sql 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues.
1148 CVE-2015-9309 CSRF 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature.
1149 CVE-2015-9308 CSRF 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.
1150 CVE-2015-9307 CSRF 2019-08-14 2019-08-14
0.0
None ??? ??? ??? ??? ??? ???
The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.
Total number of vulnerabilities : 1161   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 (This Page)24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.