CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3351 CVE-2017-18223 287 2018-03-10 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
3352 CVE-2017-18220 416 DoS 2018-03-05 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
3353 CVE-2017-18213 264 2018-03-03 2018-03-27
6.5
None Remote Low Single system Partial Partial Partial
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
3354 CVE-2017-18209 476 2018-03-01 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
3355 CVE-2017-18205 476 2018-02-27 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
3356 CVE-2017-18202 416 DoS 2018-02-27 2018-09-26
6.9
None Local Medium Not required Complete Complete Complete
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
3357 CVE-2017-18198 125 DoS 2018-02-24 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
3358 CVE-2017-18179 287 2018-02-12 2018-03-05
6.5
None Remote Low Single system Partial Partial Partial
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
3359 CVE-2017-18122 347 Bypass 2018-02-02 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
3360 CVE-2017-18120 415 2018-02-02 2018-02-14
6.8
None Remote Medium Not required Partial Partial Partial
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.
3361 CVE-2017-18108 94 Exec Code 2019-03-29 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
3362 CVE-2017-18106 287 2019-03-29 2019-04-01
6.0
None Remote Medium Single system Partial Partial Partial
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.
3363 CVE-2017-18105 384 2019-03-29 2019-04-01
6.8
None Remote Medium Not required Partial Partial Partial
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
3364 CVE-2017-18101 275 2018-04-10 2018-05-17
6.4
None Remote Low Not required Partial Partial None
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
3365 CVE-2017-18087 264 Exec Code 2018-02-15 2018-10-12
6.0
None Remote Medium Single system Partial Partial Partial
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.
3366 CVE-2017-18080 352 CSRF 2018-02-02 2018-02-13
6.8
None Remote Medium Not required Partial Partial Partial
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
3367 CVE-2017-18048 434 Exec Code 2018-01-23 2018-02-08
6.5
None Remote Low Single system Partial Partial Partial
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
3368 CVE-2017-18042 352 CSRF 2018-02-02 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
3369 CVE-2017-18026 77 Exec Code 2018-01-10 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
3370 CVE-2017-17990 352 CSRF 2017-12-29 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
3371 CVE-2017-17987 434 2017-12-29 2018-01-09
6.5
None Remote Low Single system Partial Partial Partial
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
3372 CVE-2017-17983 89 Sql 2017-12-29 2018-01-09
6.5
None Remote Low Single system Partial Partial Partial
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
3373 CVE-2017-17982 352 CSRF 2017-12-29 2018-01-09
6.0
None Remote Medium Single system Partial Partial Partial
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.
3374 CVE-2017-17973 416 2017-12-29 2018-02-11
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.
3375 CVE-2017-17969 787 DoS Exec Code Overflow 2018-01-30 2018-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
3376 CVE-2017-17960 352 CSRF 2017-12-28 2018-04-12
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
3377 CVE-2017-17950 89 Sql 2017-12-28 2018-04-13
6.5
None Remote Low Single system Partial Partial Partial
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
3378 CVE-2017-17945 295 2019-06-24 2019-07-03
6.4
None Remote Low Not required Partial Partial None
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
3379 CVE-2017-17944 295 2019-06-20 2019-06-21
6.4
None Remote Low Not required Partial Partial None
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
3380 CVE-2017-17942 119 Overflow 2017-12-28 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
3381 CVE-2017-17941 89 Sql 2017-12-28 2018-01-09
6.5
None Remote Low Single system Partial Partial Partial
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
3382 CVE-2017-17939 352 CSRF 2017-12-28 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.
3383 CVE-2017-17936 352 CSRF 2017-12-28 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
Vanguard Marketplace Digital Products PHP has CSRF via /search.
3384 CVE-2017-17930 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.
3385 CVE-2017-17920 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
3386 CVE-2017-17919 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
3387 CVE-2017-17917 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
3388 CVE-2017-17916 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
3389 CVE-2017-17915 119 Overflow 2017-12-27 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
3390 CVE-2017-17913 119 Overflow 2017-12-27 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
3391 CVE-2017-17912 119 Overflow 2017-12-27 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
3392 CVE-2017-17908 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.
3393 CVE-2017-17905 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
3394 CVE-2017-17903 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.
3395 CVE-2017-17894 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Readymade Job Site Script has CSRF via the /job URI.
3396 CVE-2017-17891 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Readymade Video Sharing Script has CSRF via user-profile-edit.php.
3397 CVE-2017-17880 119 Overflow 2017-12-27 2018-01-01
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
3398 CVE-2017-17879 119 Overflow 2017-12-27 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
3399 CVE-2017-17874 434 2017-12-27 2018-01-11
6.5
None Remote Low Single system Partial Partial Partial
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
3400 CVE-2017-17866 119 DoS Overflow 2017-12-27 2018-11-05
6.8
None Remote Medium Not required Partial Partial Partial
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.