CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3101 CVE-2017-17124 119 DoS Overflow 2017-12-04 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.
3102 CVE-2017-17122 190 DoS Overflow 2017-12-04 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
3103 CVE-2017-17121 119 DoS Overflow 2017-12-04 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.
3104 CVE-2017-17103 89 Sql 2017-12-04 2017-12-15
6.5
None Remote Low Single system Partial Partial Partial
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.
3105 CVE-2017-17095 119 DoS Overflow 2017-12-02 2018-12-01
6.8
None Remote Medium Not required Partial Partial Partial
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
3106 CVE-2017-17091 284 Bypass 2017-12-02 2018-02-03
6.5
None Remote Low Single system Partial Partial Partial
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
3107 CVE-2017-17056 352 CSRF 2017-12-04 2017-12-20
6.8
None Remote Medium Not required Partial Partial Partial
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software.
3108 CVE-2017-17053 416 2017-11-28 2018-12-19
6.9
None Local Medium Not required Complete Complete Complete
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
3109 CVE-2017-17020 77 Exec Code 2018-05-01 2018-06-13
6.5
None Remote Low Single system Partial Partial Partial
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.
3110 CVE-2017-17010 426 +Priv 2017-12-27 2018-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
3111 CVE-2017-16955 89 Exec Code Sql 2017-11-27 2017-12-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.
3112 CVE-2017-16941 434 Exec Code 2017-11-25 2017-12-20
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering."
3113 CVE-2017-16938 119 Overflow 2017-11-24 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.
3114 CVE-2017-16933 264 +Priv 2017-11-24 2018-03-14
6.9
None Local Medium Not required Complete Complete Complete
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
3115 CVE-2017-16909 119 Overflow 2018-12-07 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
3116 CVE-2017-16905 94 Exec Code 2018-01-05 2018-01-24
6.8
None Remote Medium Not required Partial Partial Partial
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.
3117 CVE-2017-16886 352 CSRF 2018-01-12 2018-02-02
6.8
None Remote Medium Not required Partial Partial Partial
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.
3118 CVE-2017-16879 119 DoS Exec Code Overflow 2017-11-22 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
3119 CVE-2017-16871 94 Exec Code 2017-11-17 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary.
3120 CVE-2017-16870 918 2017-11-17 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary.
3121 CVE-2017-16869 119 DoS Overflow 2017-11-17 2017-12-05
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."
3122 CVE-2017-16857 284 Bypass 2017-12-05 2017-12-22
6.0
None Remote Medium Single system Partial Partial Partial
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.
3123 CVE-2017-16853 347 2017-11-16 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
3124 CVE-2017-16852 347 2017-11-16 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
3125 CVE-2017-16839 255 2018-03-29 2018-04-20
6.9
None Local Medium Not required Complete Complete Complete
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.
3126 CVE-2017-16832 190 DoS 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
3127 CVE-2017-16831 190 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
3128 CVE-2017-16830 190 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.
3129 CVE-2017-16829 125 DoS 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.
3130 CVE-2017-16828 190 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
3131 CVE-2017-16827 119 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
3132 CVE-2017-16826 119 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
3133 CVE-2017-16797 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.
3134 CVE-2017-16796 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.
3135 CVE-2017-16793 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
3136 CVE-2017-16786 200 +Info 2017-12-19 2018-01-08
6.8
None Remote Low Single system Complete None None
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
3137 CVE-2017-16776 255 Bypass 2017-12-15 2018-01-02
6.8
None Remote Medium Not required Partial Partial Partial
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.
3138 CVE-2017-16773 285 Bypass 2018-07-05 2018-09-07
6.5
None Remote Low Single system Partial Partial Partial
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.
3139 CVE-2017-16772 20 Exec Code 2018-03-22 2018-04-18
6.5
None Remote Low Single system Partial Partial Partial
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
3140 CVE-2017-16766 74 2017-12-22 2018-01-09
6.4
None Remote Low Not required Partial Partial None
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
3141 CVE-2017-16756 352 CSRF 2018-02-19 2018-03-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.
3142 CVE-2017-16751 119 Exec Code Overflow 2018-03-15 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary code.
3143 CVE-2017-16749 416 2018-03-15 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability.
3144 CVE-2017-16747 787 2018-03-15 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area.
3145 CVE-2017-16745 704 Exec Code 2018-03-15 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.
3146 CVE-2017-16744 22 Dir. Trav. 2018-08-20 2019-04-03
6.5
None Remote Low Single system Partial Partial Partial
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
3147 CVE-2017-16739 119 Exec Code Overflow 2018-01-12 2018-01-31
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.
3148 CVE-2017-16737 119 Overflow 2018-01-12 2018-01-31
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.
3149 CVE-2017-16732 416 2018-01-11 2018-01-31
6.4
None Remote Low Not required None Partial Partial
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.
3150 CVE-2017-16727 255 2017-12-21 2018-01-09
6.4
None Remote Low Not required Partial Partial None
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.