CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4701 CVE-2017-14644 787 DoS Exec Code Overflow 2017-09-21 2017-09-28
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
4702 CVE-2017-14639 843 DoS 2017-09-21 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspecified other impact.
4703 CVE-2017-14635 20 +Priv 2017-09-21 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
4704 CVE-2017-14627 119 Exec Code Overflow 2017-09-23 2018-12-14
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
4705 CVE-2017-14617 20 2017-09-20 2017-09-27
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.
4706 CVE-2017-14611 918 2018-04-10 2018-05-17
6.4
None Remote Low Not required Partial Partial None
SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.
4707 CVE-2017-14608 125 2017-09-20 2017-09-27
6.4
None Remote Low Not required Partial None Partial
In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
4708 CVE-2017-14589 20 Exec Code 2017-12-13 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Bamboo. All versions of Bamboo before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.
4709 CVE-2017-14530 352 XSS CSRF 2017-09-17 2017-09-28
6.0
None Remote Medium Single system Partial Partial Partial
WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.
4710 CVE-2017-14527 611 DoS 2017-09-27 2017-10-10
6.5
None Remote Low Single system Partial Partial Partial
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
4711 CVE-2017-14526 611 DoS 2017-09-27 2017-10-06
6.5
None Remote Low Single system Partial Partial Partial
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
4712 CVE-2017-14521 434 2018-01-26 2019-04-26
6.5
None Remote Low Single system Partial Partial Partial
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.
4713 CVE-2017-14520 20 2017-09-17 2018-01-08
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
4714 CVE-2017-14518 20 2017-09-17 2018-01-08
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
4715 CVE-2017-14509 20 File Inclusion 2017-09-17 2017-12-29
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.
4716 CVE-2017-14508 89 Sql 2017-09-17 2017-12-29
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.
4717 CVE-2017-14500 78 Exec Code 2017-09-17 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.
4718 CVE-2017-14487 290 2017-12-01 2019-10-02
6.4
None Remote Low Not required Partial Partial None
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, user_id, and token fields in data/data/com.ohmibod.remote2/shared_prefs/OMB.xml.
4719 CVE-2017-14484 269 Exec Code +Priv 2017-09-15 2019-10-02
6.9
Admin Local Medium Not required Complete Complete Complete
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
4720 CVE-2017-14482 Exec Code 2017-09-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
4721 CVE-2017-14458 416 Exec Code 2018-04-23 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
4722 CVE-2017-14457 125 DoS +Info 2018-01-19 2018-02-06
6.4
None Remote Low Not required Partial None Partial
An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.
4723 CVE-2017-14452 119 Overflow 2018-08-23 2018-11-02
6.5
None Remote Low Single system Partial Partial Partial
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability.
4724 CVE-2017-14449 415 2018-04-24 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.
4725 CVE-2017-14448 119 Exec Code Overflow 2018-04-24 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
4726 CVE-2017-14442 119 Exec Code Overflow 2018-04-24 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
4727 CVE-2017-14441 190 Exec Code Overflow 2018-04-24 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
4728 CVE-2017-14440 119 Exec Code Overflow 2018-04-24 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
4729 CVE-2017-14412 787 DoS 2017-09-12 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.
4730 CVE-2017-14411 787 DoS Exec Code Overflow 2017-09-12 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
4731 CVE-2017-14409 787 DoS Exec Code Overflow 2017-09-12 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
4732 CVE-2017-14405 78 Exec Code 2017-09-12 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.
4733 CVE-2017-14399 434 2017-09-12 2017-09-19
6.5
None Remote Low Single system Partial Partial Partial
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
4734 CVE-2017-14388 20 2017-11-13 2017-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 do not validate DiffIDs, allowing specially crafted images to poison the grootfs volume cache. For example, this could allow an attacker to provide an image layer that GrootFS would consider to be the Ubuntu base layer.
4735 CVE-2017-14387 2017-12-20 2019-10-02
6.4
None Remote Low Not required Partial Partial None
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
4736 CVE-2017-14362 352 CSRF 2017-12-12 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.
4737 CVE-2017-14353 94 Exec Code 2017-10-05 2017-11-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.
4738 CVE-2017-14348 119 Overflow 2017-09-12 2017-09-20
6.8
None Remote Medium Not required Partial Partial Partial
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
4739 CVE-2017-14337 287 2017-09-12 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
4740 CVE-2017-14332 2017-10-23 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hijack sessions by determining SessionID values.
4741 CVE-2017-14320 20 Exec Code 2017-09-21 2017-10-04
6.0
None Remote Medium Single system Partial Partial Partial
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.
4742 CVE-2017-14267 352 CSRF 2017-09-11 2017-09-15
6.8
None Remote Medium Not required Partial Partial Partial
EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings.
4743 CVE-2017-14266 119 Overflow 2017-09-12 2017-09-25
6.8
None Remote Medium Not required Partial Partial Partial
tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.
4744 CVE-2017-14261 119 Overflow 2017-09-11 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file.
4745 CVE-2017-14260 119 Exec Code Overflow 2017-09-11 2018-09-19
6.8
None Remote Medium Not required Partial Partial Partial
In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.
4746 CVE-2017-14259 119 Exec Code Overflow 2017-09-11 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.
4747 CVE-2017-14258 119 Exec Code Overflow 2017-09-11 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file.
4748 CVE-2017-14257 119 Overflow 2017-09-11 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file.
4749 CVE-2017-14251 434 Exec Code 2017-09-11 2017-12-03
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.
4750 CVE-2017-14250 20 2017-10-31 2017-11-22
6.8
None Remote Low Single system None None Complete
In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000, parameter SSID in the "Wireless Settings" is not properly validated. It's possible to inject malicious code: </script><H1>BUG/* </script><a href=XXX.com>. The second payload blocks the change of wireless settings. A factory reset is required.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.