CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4801 CVE-2017-2903 190 Exec Code Overflow 2018-04-24 2018-08-14
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
4802 CVE-2017-2902 190 Exec Code Overflow 2018-04-24 2018-08-14
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
4803 CVE-2017-2901 190 Exec Code Overflow 2018-04-24 2018-08-14
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
4804 CVE-2017-2900 190 Exec Code Overflow 2018-04-24 2018-08-14
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
4805 CVE-2017-2899 190 Exec Code Overflow 2018-04-24 2018-08-14
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.
4806 CVE-2017-2897 787 Exec Code Mem. Corr. 2017-11-20 2018-04-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
4807 CVE-2017-2896 787 Exec Code Mem. Corr. 2017-11-20 2018-04-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
4808 CVE-2017-2895 125 DoS 2017-11-07 2017-11-28
6.4
None Remote Low Not required Partial None Partial
An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
4809 CVE-2017-2888 190 Exec Code Overflow 2017-10-11 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
4810 CVE-2017-2887 119 Exec Code Overflow 2017-10-11 2018-04-30
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.
4811 CVE-2017-2886 787 Exec Code Mem. Corr. 2017-12-11 2017-12-27
6.8
None Remote Medium Not required Partial Partial Partial
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability.
4812 CVE-2017-2882 20 Exec Code 2017-11-07 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability.
4813 CVE-2017-2880 119 Exec Code Overflow Mem. Corr. 2017-10-05 2017-10-13
6.8
None Remote Medium Not required Partial Partial Partial
An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to trigger this vulnerability.
4814 CVE-2017-2878 119 Overflow 2018-09-19 2018-11-20
6.4
None Remote Low Not required None Partial Partial
An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4815 CVE-2017-2876 119 Overflow 2018-09-19 2018-11-20
6.4
None Remote Low Not required None Partial Partial
An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.
4816 CVE-2017-2875 119 Overflow 2018-09-19 2018-11-20
6.4
None Remote Low Not required None Partial Partial
An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.
4817 CVE-2017-2873 77 2018-09-19 2018-11-20
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4818 CVE-2017-2870 190 Exec Code Overflow 2017-09-05 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
4819 CVE-2017-2863 787 Mem. Corr. 2017-07-12 2017-07-19
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.
4820 CVE-2017-2862 119 Exec Code Overflow 2017-09-05 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
4821 CVE-2017-2851 119 Overflow 2017-06-29 2017-07-05
6.0
None Remote Medium Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
4822 CVE-2017-2850 444 Bypass 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4823 CVE-2017-2849 77 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4824 CVE-2017-2848 77 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4825 CVE-2017-2847 77 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4826 CVE-2017-2846 77 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4827 CVE-2017-2845 77 Exec Code 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution
4828 CVE-2017-2844 77 Exec Code 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4829 CVE-2017-2842 77 Exec Code 2017-06-27 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4830 CVE-2017-2841 77 Exec Code 2017-06-27 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4831 CVE-2017-2840 119 Exec Code Overflow 2018-04-24 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.
4832 CVE-2017-2835 787 Exec Code 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.
4833 CVE-2017-2834 787 Exec Code 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.
4834 CVE-2017-2828 77 2017-06-21 2017-06-28
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4835 CVE-2017-2827 77 2017-06-21 2017-06-28
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
4836 CVE-2017-2825 16 2018-04-20 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
4837 CVE-2017-2824 77 Exec Code 2017-05-24 2017-11-05
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
4838 CVE-2017-2823 416 Exec Code 2017-05-24 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability.
4839 CVE-2017-2822 119 Exec Code Overflow 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability.
4840 CVE-2017-2821 416 Exec Code 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
4841 CVE-2017-2820 190 Exec Code Overflow 2017-07-12 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
4842 CVE-2017-2819 119 Exec Code Overflow 2017-05-24 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.
4843 CVE-2017-2818 119 Overflow 2017-07-12 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
4844 CVE-2017-2817 119 Exec Code Overflow 2017-05-24 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability.
4845 CVE-2017-2816 119 Overflow 2017-09-13 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.
4846 CVE-2017-2814 119 Exec Code Overflow 2017-07-12 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.
4847 CVE-2017-2813 190 Exec Code Overflow 2017-06-21 2017-07-03
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the image in via the application or by using thumbnailing feature of IrfanView.
4848 CVE-2017-2812 787 Exec Code 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.
4849 CVE-2017-2811 787 Exec Code 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.
4850 CVE-2017-2809 94 Exec Code 2017-09-14 2017-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.