CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3401 CVE-2017-15996 119 DoS Overflow 2017-10-29 2018-01-08
6.8
None Remote Medium Not required Partial Partial Partial
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
3402 CVE-2017-15957 434 2017-10-29 2017-11-17
6.5
None Remote Low Single system Partial Partial Partial
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
3403 CVE-2017-15950 119 Exec Code Overflow 2017-10-31 2017-11-21
6.8
None Remote Medium Not required Partial Partial Partial
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.
3404 CVE-2017-15949 89 Sql 2017-10-27 2017-11-14
6.5
None Remote Low Single system Partial Partial Partial
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
3405 CVE-2017-15933 89 Exec Code Sql 2017-10-27 2017-11-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
3406 CVE-2017-15932 125 2017-10-27 2017-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.
3407 CVE-2017-15931 125 2017-10-27 2017-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
3408 CVE-2017-15930 476 2017-10-27 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
3409 CVE-2017-15914 284 2018-02-08 2018-02-27
6.5
None Remote Low Single system Partial Partial Partial
Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3.
3410 CVE-2017-15913 426 2018-01-07 2018-06-15
6.8
None Remote Medium Not required Partial Partial Partial
The Installer in Whale allows DLL hijacking.
3411 CVE-2017-15896 388 Bypass 2017-12-11 2017-12-29
6.4
None Remote Low Not required Partial Partial None
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption.
3412 CVE-2017-15889 77 Exec Code 2017-12-04 2017-12-21
6.5
None Remote Low Single system Partial Partial Partial
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
3413 CVE-2017-15884 264 2017-10-31 2017-12-19
6.9
Admin Local Medium Not required Complete Complete Complete
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
3414 CVE-2017-15880 89 Exec Code Sql 2017-10-24 2017-11-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
3415 CVE-2017-15879 20 2017-10-24 2017-11-14
6.8
None Remote Medium Not required Partial Partial Partial
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
3416 CVE-2017-15829 362 2018-02-23 2018-03-12
6.9
None Local Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
3417 CVE-2017-15808 352 CSRF 2017-10-23 2017-10-25
6.8
None Remote Medium Not required Partial Partial Partial
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
3418 CVE-2017-15806 94 Exec Code 2017-11-15 2017-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
3419 CVE-2017-15803 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150."
3420 CVE-2017-15802 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087."
3421 CVE-2017-15801 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e."
3422 CVE-2017-15800 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls subsequent Write Address starting at ntdll!memcpy+0x00000000000000a0."
3423 CVE-2017-15799 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceNamesInternal+0x000000000000074a."
3424 CVE-2017-15798 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceNamesInternal+0x0000000000000609."
3425 CVE-2017-15797 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation on Block Data Move starting at TOOLS!IVLoadImage_W+0x00000000000020b9."
3426 CVE-2017-15796 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation starting at ntdll!LdrpSearchResourceSection_U+0x0000000000000386."
3427 CVE-2017-15795 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation starting at ntdll!LdrpSearchResourceSection_U+0x00000000000002bd."
3428 CVE-2017-15794 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation starting at ntdll!LdrpResSearchResourceInsideDirectory+0x0000000000000257."
3429 CVE-2017-15793 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls subsequent Write Address starting at ntdll!memcpy+0x00000000000000a5."
3430 CVE-2017-15792 119 DoS Overflow 2017-10-22 2017-10-25
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceTypesInternal+0x00000000000007b2."
3431 CVE-2017-15791 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll!LdrpResCompareResourceNames+0x00000000000000de."
3432 CVE-2017-15790 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation starting at ntdll!LdrpResCompareResourceNames+0x0000000000000120."
3433 CVE-2017-15789 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000048e7."
3434 CVE-2017-15788 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x0000000000002d83."
3435 CVE-2017-15787 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at xnview+0x0000000000580063."
3436 CVE-2017-15786 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."
3437 CVE-2017-15785 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79."
3438 CVE-2017-15784 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnview+0x0000000000370074."
3439 CVE-2017-15783 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1."
3440 CVE-2017-15782 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000032eb."
3441 CVE-2017-15781 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76."
3442 CVE-2017-15780 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285dad."
3443 CVE-2017-15779 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0."
3444 CVE-2017-15778 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."
3445 CVE-2017-15777 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADImage+0x0000000000288750."
3446 CVE-2017-15776 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285ec1."
3447 CVE-2017-15775 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000259aa4."
3448 CVE-2017-15774 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADImage+0x0000000000221a9a."
3449 CVE-2017-15773 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285d79."
3450 CVE-2017-15772 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at CADImage+0x0000000000285e9d."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.