CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3601 CVE-2017-1000117 284 2017-10-04 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
3602 CVE-2017-1000112 362 Mem. Corr. 2017-10-04 2018-08-05
6.9
None Local Medium Not required Complete Complete Complete
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
3603 CVE-2017-1000107 284 Bypass 2017-10-04 2017-11-01
6.5
None Remote Low Single system Partial Partial Partial
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.
3604 CVE-2017-1000096 284 Exec Code 2017-10-04 2019-07-05
6.5
None Remote Low Single system Partial Partial Partial
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.
3605 CVE-2017-1000093 352 CSRF 2017-10-04 2017-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.
3606 CVE-2017-1000091 352 CSRF 2017-10-04 2017-10-17
6.8
None Remote Medium Not required Partial Partial Partial
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.
3607 CVE-2017-1000090 352 CSRF 2017-10-04 2017-11-02
6.8
None Remote Medium Not required Partial Partial Partial
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.
3608 CVE-2017-1000086 352 CSRF 2017-10-04 2017-11-02
6.0
None Remote Medium Single system Partial Partial Partial
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.
3609 CVE-2017-1000083 77 Exec Code 2017-09-05 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
3610 CVE-2017-1000071 264 Bypass 2017-07-17 2017-08-04
6.8
None Remote Medium Not required Partial Partial Partial
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
3611 CVE-2017-1000069 352 CSRF 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
3612 CVE-2017-1000067 89 Sql 2017-07-17 2017-07-21
6.5
None Remote Low Single system Partial Partial Partial
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
3613 CVE-2017-1000053 502 Exec Code 2017-07-17 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
3614 CVE-2017-1000045 352 Bypass CSRF 2017-07-17 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking
3615 CVE-2017-1000031 89 Exec Code Sql 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
3616 CVE-2017-1000017 918 2017-07-17 2018-07-27
6.5
None Remote Low Single system Partial Partial Partial
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
3617 CVE-2017-1000010 264 Exec Code 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution
3618 CVE-2017-1000008 352 CSRF 2017-07-17 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
3619 CVE-2017-18569 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The my-wp-translate plugin before 1.0.4 for WordPress has CSRF.
3620 CVE-2017-18547 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.
3621 CVE-2017-18546 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The jayj-quicktag plugin before 1.3.2 for WordPress has CSRF.
3622 CVE-2017-18544 352 CSRF 2019-08-16 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF.
3623 CVE-2017-18523 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book.
3624 CVE-2017-18521 352 CSRF 2019-08-21 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n.
3625 CVE-2017-18513 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface.
3626 CVE-2017-18512 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF.
3627 CVE-2017-18511 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF.
3628 CVE-2017-18510 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related to set location, import actions, and export actions.
3629 CVE-2017-18504 352 CSRF 2019-08-12 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
The twitter-cards-meta plugin before 2.5.0 for WordPress has CSRF.
3630 CVE-2017-18486 332 2019-08-09 2019-08-19
6.5
None Remote Low Single system Partial Partial Partial
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user.
3631 CVE-2017-18475 20 2019-08-05 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
3632 CVE-2017-18474 200 +Info 2019-08-05 2019-08-12
6.8
None Remote Low Single system Complete None None
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
3633 CVE-2017-18469 20 Exec Code 2019-08-05 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
3634 CVE-2017-18468 94 Exec Code 2019-08-05 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
3635 CVE-2017-18447 20 Exec Code 2019-08-02 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).
3636 CVE-2017-18446 125 2019-08-02 2019-08-14
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
3637 CVE-2017-18439 20 Exec Code 2019-08-02 2019-08-09
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).
3638 CVE-2017-18438 611 Exec Code 2019-08-02 2019-08-09
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
3639 CVE-2017-18403 284 Exec Code 2019-08-02 2019-08-13
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
3640 CVE-2017-18389 74 2019-08-02 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
3641 CVE-2017-18381 254 2019-07-30 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.
3642 CVE-2017-18376 264 2019-06-02 2019-06-24
6.5
None Remote Low Single system Partial Partial Partial
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.
3643 CVE-2017-18375 502 2019-05-24 2019-05-29
6.5
None Remote Low Single system Partial Partial Partial
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
3644 CVE-2017-18366 352 CSRF 2019-04-15 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
Subrion CMS 4.1.5 has CSRF in blog/delete/.
3645 CVE-2017-18348 264 +Priv 2018-10-19 2018-12-04
6.9
None Local Medium Not required Complete Complete Complete
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access.
3646 CVE-2017-18309 129 2018-10-26 2018-12-11
6.6
None Local Low Not required Complete Complete None
A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.
3647 CVE-2017-18305 284 2018-10-23 2018-12-07
6.9
None Local Medium Not required Complete Complete Complete
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
3648 CVE-2017-18283 20 Mem. Corr. 2018-10-23 2018-12-06
6.1
None Local Network Low Not required None None Complete
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.
3649 CVE-2017-18266 74 2018-05-10 2018-06-14
6.8
None Remote Medium Not required Partial Partial Partial
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
3650 CVE-2017-18260 89 Sql 2018-04-10 2018-05-16
6.5
None Remote Low Single system Partial Partial Partial
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.