CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2017-15595 400 DoS +Priv 2017-10-18 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
252 CVE-2017-15594 DoS +Priv 2017-10-18 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
253 CVE-2017-15593 772 DoS 2017-10-18 2019-10-02
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
254 CVE-2017-15592 668 DoS +Priv 2017-10-18 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
255 CVE-2017-15591 20 DoS 2017-10-18 2018-01-15
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.
256 CVE-2017-15590 DoS +Priv 2017-10-18 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
257 CVE-2017-15589 200 +Info 2017-10-18 2018-10-19
2.1
None Local Low Not required Partial None None
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory.
258 CVE-2017-15588 362 Exec Code 2017-10-18 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
259 CVE-2017-15587 190 Overflow 2017-10-18 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
260 CVE-2017-15583 200 +Info File Inclusion 2017-10-18 2017-11-08
5.0
None Remote Low Not required Partial None None
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
261 CVE-2017-15582 798 2017-10-27 2019-10-02
5.0
None Remote Low Not required Partial None None
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
262 CVE-2017-15581 311 +Info 2017-10-27 2019-10-02
5.0
None Remote Low Not required Partial None None
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.
263 CVE-2017-15580 434 2017-10-23 2018-08-10
7.5
None Remote Low Not required Partial Partial Partial
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
264 CVE-2017-15579 89 Sql 2017-10-17 2017-11-08
7.5
None Remote Low Not required Partial Partial Partial
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
265 CVE-2017-15578 89 Sql 2017-10-17 2017-11-08
6.0
None Remote Medium Single system Partial Partial Partial
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
266 CVE-2017-15577 200 +Info 2017-10-17 2018-05-04
5.0
None Remote Low Not required Partial None None
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
267 CVE-2017-15576 200 +Info 2017-10-17 2018-05-04
5.0
None Remote Low Not required Partial None None
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
268 CVE-2017-15575 +Info 2017-10-17 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
269 CVE-2017-15574 79 XSS 2017-10-17 2018-05-04
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
270 CVE-2017-15573 79 XSS 2017-10-17 2018-05-04
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
271 CVE-2017-15572 532 +Info 2017-10-17 2018-05-04
5.0
None Remote Low Not required Partial None None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
272 CVE-2017-15571 79 XSS 2017-10-17 2018-05-04
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
273 CVE-2017-15570 79 XSS 2017-10-17 2018-05-04
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
274 CVE-2017-15569 79 XSS 2017-10-17 2018-05-04
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list.
275 CVE-2017-15568 79 XSS 2017-10-17 2018-05-04
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history.
276 CVE-2017-15567 +Priv 2017-10-23 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. NOTE: the vendor disputes this because there is no command shell in the product or in the associated SDK.
277 CVE-2017-15565 476 2017-10-17 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
278 CVE-2017-15539 89 Sql 2017-10-17 2017-11-08
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
279 CVE-2017-15538 79 +Priv XSS 2017-10-17 2018-06-19
3.5
None Remote Medium Single system None Partial None
Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php.
280 CVE-2017-15537 200 +Info 2017-10-17 2018-01-12
2.1
None Local Low Not required Partial None None
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
281 CVE-2017-15535 2017-10-31 2017-11-22
6.4
None Remote Low Not required None Partial Partial
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
282 CVE-2017-15385 119 DoS Overflow 2017-10-16 2017-10-27
6.8
None Remote Medium Not required Partial Partial Partial
The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file.
283 CVE-2017-15384 79 XSS 2017-10-16 2017-10-27
4.3
None Remote Medium Not required None Partial None
rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action.
284 CVE-2017-15383 428 2017-10-16 2017-11-06
7.2
None Local Low Not required Complete Complete Complete
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.
285 CVE-2017-15381 89 Sql 2017-10-23 2017-10-31
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
286 CVE-2017-15380 79 XSS 2017-10-23 2017-10-31
4.3
None Remote Medium Not required None Partial None
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.
287 CVE-2017-15379 89 Sql Bypass 2017-10-23 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
288 CVE-2017-15378 89 Sql 2017-10-23 2017-10-31
6.5
None Remote Low Single system Partial Partial Partial
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
289 CVE-2017-15377 2017-10-23 2019-10-02
5.0
None Remote Low Not required None None Partial
In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).
290 CVE-2017-15376 94 Exec Code 2017-10-16 2017-11-07
10.0
None Remote Low Not required Complete Complete Complete
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
291 CVE-2017-15375 79 XSS 2017-10-16 2017-11-06
4.3
None Remote Medium Not required None Partial None
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` parameters of the `wpjb-email`, `wpjb-job`, `wpjb-application`, and `wpjb-membership` modules. Remote attackers are able to inject malicious script code to hijack admin session credentials via the backend, or to manipulate the backend on client-side performed requests. The attack vector is non-persistent and the request method to inject is GET. The attacker does not need a privileged user account to perform a successful exploitation.
292 CVE-2017-15374 79 Exec Code +Priv XSS 2017-10-16 2018-01-23
4.3
None Remote Medium Not required None Partial None
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts.
293 CVE-2017-15373 89 Sql 2017-10-16 2017-10-27
7.5
None Remote Low Not required Partial Partial Partial
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
294 CVE-2017-15372 119 DoS Overflow 2017-10-16 2018-10-20
4.3
None Remote Medium Not required None None Partial
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
295 CVE-2017-15371 617 DoS 2017-10-16 2019-10-02
4.3
None Remote Medium Not required None None Partial
There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
296 CVE-2017-15370 119 DoS Overflow 2017-10-16 2018-10-20
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
297 CVE-2017-15369 416 DoS 2017-10-15 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF before 2017-09-25 mishandles a certain case where a variable may reside in a register, which allows remote attackers to cause a denial of service (Fitz fz_drop_imp use-after-free and application crash) or possibly have unspecified other impact via a crafted PDF document.
298 CVE-2017-15368 125 DoS 2017-10-15 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call.
299 CVE-2017-15366 532 2017-10-26 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.
300 CVE-2017-15364 415 DoS 2017-10-15 2017-11-01
4.3
None Remote Medium Not required None None Partial
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file.
Total number of vulnerabilities : 1435   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.