CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4351 CVE-2017-3087 200 +Info 2017-06-20 2017-07-07
5.0
None Remote Low Not required Partial None None
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
4352 CVE-2017-3085 200 Bypass +Info 2017-08-11 2018-01-04
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
4353 CVE-2017-3080 200 Bypass +Info 2017-07-17 2018-01-04
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
4354 CVE-2017-3067 200 +Info 2017-05-09 2017-07-07
5.0
None Remote Low Not required Partial None None
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.
4355 CVE-2017-3009 119 Overflow 2017-03-31 2017-04-04
5.0
None Remote Low Not required Partial None None
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure.
4356 CVE-2017-3000 200 +Info 2017-03-14 2018-01-04
5.0
None Remote Low Not required Partial None None
Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.
4357 CVE-2017-2981 119 Overflow 2017-02-15 2017-07-24
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
4358 CVE-2017-2980 119 Overflow 2017-02-15 2017-07-24
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
4359 CVE-2017-2979 119 Overflow 2017-02-15 2017-07-24
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
4360 CVE-2017-2978 119 Overflow 2017-02-15 2017-07-24
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
4361 CVE-2017-2977 119 Overflow 2017-02-15 2017-07-24
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
4362 CVE-2017-2976 119 Overflow 2017-02-15 2017-07-24
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
4363 CVE-2017-2975 119 Overflow 2017-02-15 2017-07-24
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
4364 CVE-2017-2974 119 Overflow 2017-02-15 2017-07-24
5.0
None Remote Low Not required None None Partial
Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure.
4365 CVE-2017-2893 476 DoS 2017-11-07 2017-11-28
5.0
None Remote Low Not required None None Partial
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
4366 CVE-2017-2881 20 2017-11-07 2017-11-27
5.8
None Local Network Low Not required Partial Partial Partial
An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.
4367 CVE-2017-2874 200 +Info 2018-09-17 2018-11-20
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication.
4368 CVE-2017-2871 287 2018-04-17 2018-05-22
5.8
None Local Network Low Not required Partial Partial Partial
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.
4369 CVE-2017-2861 125 DoS 2018-04-05 2018-06-20
5.0
None Remote Low Not required None None Partial
An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
4370 CVE-2017-2860 125 DoS 2018-06-01 2018-07-05
5.0
None Remote Low Not required None None Partial
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
4371 CVE-2017-2858 125 DoS 2018-06-01 2018-07-03
5.0
None Remote Low Not required None None Partial
An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
4372 CVE-2017-2852 125 DoS 2018-06-01 2018-07-03
5.0
None Remote Low Not required None None Partial
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
4373 CVE-2017-2831 119 Overflow 2017-06-21 2017-06-27
5.0
None Remote Low Not required None Partial None
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4374 CVE-2017-2830 119 Overflow 2017-06-21 2017-06-27
5.0
None Remote Low Not required None Partial None
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4375 CVE-2017-2815 611 DoS 2018-05-15 2018-06-19
5.5
None Remote Low Single system Partial None Partial
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.
4376 CVE-2017-2786 125 DoS 2017-03-10 2017-03-13
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service.
4377 CVE-2017-2735 749 2017-11-22 2017-12-11
5.8
None Remote Medium Not required None Partial Partial
TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties.
4378 CVE-2017-2720 200 +Info 2017-11-22 2017-12-08
5.0
None Remote Low Not required Partial None None
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.
4379 CVE-2017-2712 417 2017-11-22 2017-12-08
5.0
None Remote Low Not required None None Partial
S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vulnerability due to the lack of type-length-value (TLV) consistency check. An attacker may craft malformed packets and send them to a device to cause EFM flapping.
4380 CVE-2017-2707 264 2017-11-22 2017-12-11
5.8
None Remote Medium Not required None Partial Partial
Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message.
4381 CVE-2017-2706 22 Dir. Trav. 2017-11-22 2017-12-11
5.8
None Remote Medium Not required None Partial Partial
Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are traversed. It could be exploited to cause the attacker to replace files and impact the service.
4382 CVE-2017-2704 200 +Info 2017-11-22 2017-12-12
5.0
None Remote Low Not required Partial None None
Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier versions,HwParentControl 2.0.0 and earlier versions,HwParentControlParent 5.1.0.12 and earlier versions,Crowdtest 1.5.3 and earlier versions,HiWallet 8.0.0.301 and earlier versions,Huawei Pay 8.0.0.300 and earlier versions,Skytone 8.1.2.300 and earlier versions,HwCloudDrive(EMUI6.0) 8.0.0.307 and earlier versions,HwPhoneFinder(EMUI6.0) 9.3.0.310 and earlier versions,HwPhoneFinder(EMUI5.1) 9.2.2.303 and earlier versions,HiCinema 8.0.2.300 and earlier versions,HuaweiWear 21.0.0.360 and earlier versions,HiHealthApp 3.0.3.300 and earlier versions have an information exposure vulnerability. Encryption keys are stored in the system. The attacker can implement reverse engineering to obtain the encryption keys, causing information exposure.
4383 CVE-2017-2700 399 2017-11-22 2017-12-14
5.0
None Remote Low Not required None None Partial
AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks.
4384 CVE-2017-2685 200 +Info 2017-03-01 2017-03-16
5.8
None Remote Medium Not required Partial Partial None
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.
4385 CVE-2017-2670 399 2018-07-27 2018-09-24
5.0
None Remote Low Not required None None Partial
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS.
4386 CVE-2017-2669 20 DoS 2018-06-21 2018-08-21
5.0
None Remote Low Not required None None Partial
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields could result in excessive memory usage causing the process to crash (and restart), or excessive CPU usage causing all authentications to hang.
4387 CVE-2017-2654 200 +Info 2018-08-06 2018-10-16
5.0
None Remote Low Not required Partial None None
jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugins is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses.
4388 CVE-2017-2646 400 DoS 2018-07-27 2018-09-27
5.0
None Remote Low Not required None None Partial
It was found that when Keycloak before 2.5.5 receives a Logout request with a Extensions in the middle of the request, the SAMLSloRequestParser.parse() method ends in a infinite loop. An attacker could use this flaw to conduct denial of service attacks.
4389 CVE-2017-2643 200 +Info 2017-03-26 2017-07-11
5.0
None Remote Low Not required Partial None None
In Moodle 3.2.x, global search displays user names for unauthenticated users.
4390 CVE-2017-2639 295 2018-07-27 2018-10-02
5.0
None Remote Low Not required Partial None None
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.
4391 CVE-2017-2613 352 CSRF 2018-05-15 2018-06-20
5.8
None Remote Medium Not required None Partial Partial
jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation CSRF using GET by admins. While this user record was only retained until restart in most cases, administrators' web browsers could be manipulated to create a large number of user records (SECURITY-406).
4392 CVE-2017-2612 254 2018-05-15 2018-06-20
5.5
None Remote Low Single system None Partial Partial
In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.
4393 CVE-2017-2599 275 2018-04-11 2018-05-22
5.5
None Remote Low Single system Partial Partial None
Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't have access to (SECURITY-321).
4394 CVE-2017-2594 22 Dir. Trav. 2018-05-08 2018-06-12
5.0
None Remote Low Not required Partial None None
hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root.
4395 CVE-2017-2591 125 2018-04-30 2018-06-12
5.0
None Remote Low Not required None None Partial
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
4396 CVE-2017-2590 275 DoS 2018-07-27 2018-09-24
5.5
None Remote Low Single system None Partial Partial
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.
4397 CVE-2017-2576 20 2017-01-20 2017-01-25
5.0
None Remote Low Not required None Partial None
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
4398 CVE-2017-2551 552 2017-09-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.
4399 CVE-2017-2550 200 +Info 2017-09-08 2017-09-18
5.0
None Remote Low Not required Partial None None
Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename.
4400 CVE-2017-2498 295 Bypass 2017-05-22 2017-07-07
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
Total number of vulnerabilities : 21278   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 (This Page)89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.