CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4501 CVE-2017-7600 20 DoS 2017-04-09 2018-03-21
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type unsigned char" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
4502 CVE-2017-7599 20 DoS 2017-04-09 2018-03-21
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type short" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
4503 CVE-2017-7597 20 DoS 2017-04-09 2018-03-21
6.8
None Remote Medium Not required Partial Partial Partial
tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
4504 CVE-2017-7596 20 DoS 2017-04-09 2018-03-21
6.8
None Remote Medium Not required Partial Partial Partial
LibTIFF 4.0.7 has an "outside the range of representable values of type float" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
4505 CVE-2017-7592 20 DoS 2017-04-09 2018-03-21
6.8
None Remote Medium Not required Partial Partial Partial
The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
4506 CVE-2017-7584 119 DoS Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
4507 CVE-2017-7578 119 DoS Overflow 2017-04-07 2017-04-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.
4508 CVE-2017-7571 352 CSRF 2017-04-06 2017-08-15
6.0
None Remote Medium Single system Partial Partial Partial
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
4509 CVE-2017-7570 94 Exec Code 2017-04-07 2017-04-13
6.5
None Remote Low Single system Partial Partial Partial
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
4510 CVE-2017-7565 22 Exec Code Dir. Trav. 2017-04-06 2017-04-12
6.5
None Remote Low Single system Partial Partial Partial
Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041.
4511 CVE-2017-7563 264 Bypass 2017-06-07 2017-06-15
6.8
None Remote Medium Not required Partial Partial Partial
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits).
4512 CVE-2017-7557 352 CSRF 2017-08-22 2018-09-17
6.8
None Remote Medium Not required Partial Partial Partial
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
4513 CVE-2017-7556 352 CSRF 2017-08-17 2017-08-25
6.8
None Remote Medium Not required Partial Partial Partial
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.
4514 CVE-2017-7553 918 2017-09-28 2017-12-30
6.5
None Remote Low Single system Partial Partial Partial
The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.
4515 CVE-2017-7544 125 2017-09-21 2017-10-05
6.4
None Remote Low Not required Partial None Partial
libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.
4516 CVE-2017-7533 362 DoS +Priv Mem. Corr. 2017-08-05 2018-01-04
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
4517 CVE-2017-7530 264 2018-07-26 2018-10-01
6.5
None Remote Low Single system Partial Partial Partial
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).
4518 CVE-2017-7506 119 Overflow 2017-07-18 2018-11-08
6.5
None Remote Low Single system Partial Partial Partial
spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak.
4519 CVE-2017-7505 264 2017-05-26 2017-06-09
6.5
None Remote Low Single system Partial Partial Partial
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
4520 CVE-2017-7489 264 2017-05-15 2017-05-23
6.5
None Remote Low Single system Partial Partial Partial
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
4521 CVE-2017-7477 119 DoS Overflow 2017-04-25 2018-01-04
6.9
None Local Medium Not required Complete Complete Complete
Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.
4522 CVE-2017-7461 22 Dir. Trav. 2017-04-11 2017-04-18
6.8
None Remote Low Single system Complete None None
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
4523 CVE-2017-7447 352 Exec Code CSRF 2017-04-05 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
4524 CVE-2017-7446 352 CSRF 2017-04-05 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
4525 CVE-2017-7442 22 Exec Code Dir. Trav. 2017-08-03 2017-08-09
6.8
None Remote Medium Not required Partial Partial Partial
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
4526 CVE-2017-7431 352 CSRF 2017-05-03 2017-05-15
6.8
None Remote Medium Not required Partial Partial Partial
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have persistent CSRF in object management.
4527 CVE-2017-7429 295 Exec Code 2018-03-02 2018-03-19
6.5
None Remote Low Single system Partial Partial Partial
The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server.
4528 CVE-2017-7426 611 DoS +Info 2018-03-01 2018-03-22
6.4
None Remote Low Not required Partial None Partial
The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity (XXE) handling flaws that could be used by attackers to leak information or cause denial of service attacks.
4529 CVE-2017-7423 352 CSRF 2017-08-21 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.
4530 CVE-2017-7411 94 Exec Code 2017-10-30 2017-12-27
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).
4531 CVE-2017-7404 352 DoS CSRF 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An attacker can host a page that sends a POST request to Form2File.htm that tries to upload Firmware to victim's Router. This causes the router to reboot/crash resulting in Denial of Service. An attacker may succeed in uploading malicious Firmware.
4532 CVE-2017-7398 352 CSRF 2017-04-04 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing the Security option from WPA2 to None, or changing the hiddenSSID parameter, SSID parameter, or a security-option password.
4533 CVE-2017-7393 415 DoS Exec Code 2017-03-31 2018-01-12
6.5
None Remote Low Single system Partial Partial Partial
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
4534 CVE-2017-7358 22 Dir. Trav. 2017-04-05 2017-08-15
6.9
None Local Medium Not required Complete Complete Complete
In LightDM through 1.22.0, a directory traversal issue in debian/guest-account.sh allows local attackers to own arbitrary directory path locations and escalate privileges to root when the guest user logs out.
4535 CVE-2017-7357 434 Exec Code 2017-04-14 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
4536 CVE-2017-7337 284 CSRF 2017-05-26 2017-05-31
6.4
None Remote Low Not required Partial Partial None
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.
4537 CVE-2017-7327 426 2018-01-19 2018-02-01
6.8
None Remote Medium Not required Partial Partial Partial
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
4538 CVE-2017-7323 284 Exec Code 2017-03-30 2017-03-31
6.8
None Remote Medium Not required Partial Partial Partial
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism.
4539 CVE-2017-7322 295 Exec Code 2017-03-30 2017-03-31
6.8
None Remote Medium Not required Partial Partial Partial
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.
4540 CVE-2017-7310 119 Exec Code Overflow 2017-03-29 2018-03-07
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
4541 CVE-2017-7297 264 2017-03-28 2017-04-04
6.5
None Remote Low Single system Partial Partial Partial
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
4542 CVE-2017-7290 89 Exec Code Sql 2017-03-30 2017-04-03
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses "into outfile" to create a backdoor program.
4543 CVE-2017-7284 255 2017-04-12 2017-04-20
6.5
None Remote Low Single system Partial Partial Partial
An attacker that has hijacked a Unitrends Enterprise Backup (before 9.1.2) web server session can leverage api/includes/users.php to change the password of the logged in account without knowing the current password. This allows for an account takeover.
4544 CVE-2017-7281 434 Exec Code 2017-04-12 2017-04-20
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A lack of sanitization of user input in the createReportName and saveReport functions in recoveryconsole/bpl/reports.php allows for an authenticated user to create a randomly named file on disk with a user-controlled extension, contents, and path, leading to remote code execution, aka Unrestricted File Upload.
4545 CVE-2017-7277 125 DoS +Info 2017-03-28 2017-03-31
6.6
None Local Low Not required Complete None Complete
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.
4546 CVE-2017-7264 416 DoS 2017-03-26 2017-03-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
4547 CVE-2017-7263 125 DoS 2017-03-26 2017-03-28
6.8
None Remote Medium Not required Partial Partial Partial
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.
4548 CVE-2017-7246 119 DoS Overflow 2017-03-23 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
4549 CVE-2017-7245 119 DoS Overflow 2017-03-23 2018-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
4550 CVE-2017-7235 254 Exec Code 2017-03-23 2017-03-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.