CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2951 CVE-2017-1000141 640 2018-01-30 2018-06-13
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address.
2952 CVE-2017-1000139 918 2017-11-03 2017-11-15
6.0
None Remote Medium Single system Partial Partial Partial
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
2953 CVE-2017-1000134 264 2017-11-03 2017-11-15
6.5
None Remote Low Single system Partial Partial Partial
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
2954 CVE-2017-1000120 89 Exec Code Sql 2017-10-04 2017-10-13
6.5
None Remote Low Single system Partial Partial Partial
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
2955 CVE-2017-1000119 434 Exec Code 2017-10-04 2017-10-25
6.5
None Remote Low Single system Partial Partial Partial
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
2956 CVE-2017-1000117 284 2017-10-04 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
2957 CVE-2017-1000112 362 Mem. Corr. 2017-10-04 2018-08-05
6.9
None Local Medium Not required Complete Complete Complete
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
2958 CVE-2017-1000107 284 Bypass 2017-10-04 2017-11-01
6.5
None Remote Low Single system Partial Partial Partial
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.
2959 CVE-2017-1000096 284 Exec Code 2017-10-04 2017-10-17
6.5
None Remote Low Single system Partial Partial Partial
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.
2960 CVE-2017-1000093 352 CSRF 2017-10-04 2017-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.
2961 CVE-2017-1000091 352 CSRF 2017-10-04 2017-10-17
6.8
None Remote Medium Not required Partial Partial Partial
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.
2962 CVE-2017-1000090 352 CSRF 2017-10-04 2017-11-02
6.8
None Remote Medium Not required Partial Partial Partial
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.
2963 CVE-2017-1000086 352 CSRF 2017-10-04 2017-11-02
6.0
None Remote Medium Single system Partial Partial Partial
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.
2964 CVE-2017-1000083 77 Exec Code 2017-09-05 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
2965 CVE-2017-1000071 264 Bypass 2017-07-17 2017-08-04
6.8
None Remote Medium Not required Partial Partial Partial
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
2966 CVE-2017-1000069 352 CSRF 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
2967 CVE-2017-1000067 89 Sql 2017-07-17 2017-07-21
6.5
None Remote Low Single system Partial Partial Partial
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
2968 CVE-2017-1000053 502 Exec Code 2017-07-17 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
2969 CVE-2017-1000045 352 Bypass CSRF 2017-07-17 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking
2970 CVE-2017-1000031 89 Exec Code Sql 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
2971 CVE-2017-1000017 918 2017-07-17 2018-07-27
6.5
None Remote Low Single system Partial Partial Partial
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
2972 CVE-2017-1000010 264 Exec Code 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution
2973 CVE-2017-1000008 352 CSRF 2017-07-17 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
2974 CVE-2017-18366 352 CSRF 2019-04-15 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
Subrion CMS 4.1.5 has CSRF in blog/delete/.
2975 CVE-2017-18348 264 +Priv 2018-10-19 2018-12-04
6.9
None Local Medium Not required Complete Complete Complete
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access.
2976 CVE-2017-18309 129 2018-10-26 2018-12-11
6.6
None Local Low Not required Complete Complete None
A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.
2977 CVE-2017-18305 284 2018-10-23 2018-12-07
6.9
None Local Medium Not required Complete Complete Complete
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
2978 CVE-2017-18283 20 Mem. Corr. 2018-10-23 2018-12-06
6.1
None Local Network Low Not required None None Complete
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.
2979 CVE-2017-18266 74 2018-05-10 2018-06-14
6.8
None Remote Medium Not required Partial Partial Partial
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
2980 CVE-2017-18260 89 Sql 2018-04-10 2018-05-16
6.5
None Remote Low Single system Partial Partial Partial
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
2981 CVE-2017-18234 416 DoS 2018-03-15 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.
2982 CVE-2017-18223 287 2018-03-10 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
2983 CVE-2017-18220 416 DoS 2018-03-05 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
2984 CVE-2017-18213 264 2018-03-03 2018-03-27
6.5
None Remote Low Single system Partial Partial Partial
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
2985 CVE-2017-18209 476 2018-03-01 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
2986 CVE-2017-18205 476 2018-02-27 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
2987 CVE-2017-18202 416 DoS 2018-02-27 2018-09-26
6.9
None Local Medium Not required Complete Complete Complete
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
2988 CVE-2017-18198 125 DoS 2018-02-24 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
2989 CVE-2017-18179 287 2018-02-12 2018-03-05
6.5
None Remote Low Single system Partial Partial Partial
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
2990 CVE-2017-18122 347 Bypass 2018-02-02 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
2991 CVE-2017-18120 415 2018-02-02 2018-02-14
6.8
None Remote Medium Not required Partial Partial Partial
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.
2992 CVE-2017-18108 94 Exec Code 2019-03-29 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
2993 CVE-2017-18106 287 2019-03-29 2019-04-01
6.0
None Remote Medium Single system Partial Partial Partial
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.
2994 CVE-2017-18105 384 2019-03-29 2019-04-01
6.8
None Remote Medium Not required Partial Partial Partial
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
2995 CVE-2017-18101 275 2018-04-10 2018-05-17
6.4
None Remote Low Not required Partial Partial None
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
2996 CVE-2017-18087 264 Exec Code 2018-02-15 2018-10-12
6.0
None Remote Medium Single system Partial Partial Partial
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.
2997 CVE-2017-18080 352 CSRF 2018-02-02 2018-02-13
6.8
None Remote Medium Not required Partial Partial Partial
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
2998 CVE-2017-18048 434 Exec Code 2018-01-23 2018-02-08
6.5
None Remote Low Single system Partial Partial Partial
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
2999 CVE-2017-18042 352 CSRF 2018-02-02 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
3000 CVE-2017-18026 77 Exec Code 2018-01-10 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.