CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4901 CVE-2017-17511 74 2017-12-14 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
KildClient 3.1.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to prefs.c and worldgui.c.
4902 CVE-2017-17509 787 2017-12-10 2017-12-19
6.8
None Remote Medium Not required Partial Partial Partial
In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.
4903 CVE-2017-17503 125 2017-12-10 2019-06-29
6.8
None Remote Medium Not required Partial Partial Partial
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
4904 CVE-2017-17502 125 2017-12-10 2019-06-29
6.8
None Remote Medium Not required Partial Partial Partial
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
4905 CVE-2017-17501 125 2017-12-10 2019-06-29
6.8
None Remote Medium Not required Partial Partial Partial
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
4906 CVE-2017-17500 125 2017-12-10 2019-06-29
6.8
None Remote Medium Not required Partial Partial Partial
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
4907 CVE-2017-17498 119 DoS Overflow 2017-12-10 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
4908 CVE-2017-17476 200 +Priv +Info 2017-12-20 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
4909 CVE-2017-17475 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068.
4910 CVE-2017-17474 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070.
4911 CVE-2017-17473 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050.
4912 CVE-2017-17472 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730030.
4913 CVE-2017-17471 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82732140.
4914 CVE-2017-17470 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730054.
4915 CVE-2017-17469 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730008, a different vulnerability than CVE-2017-16948.
4916 CVE-2017-17467 119 DoS Overflow 2017-12-08 2017-12-18
6.1
None Local Low Not required Partial Partial Complete
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074.
4917 CVE-2017-17426 190 Overflow 2017-12-05 2017-12-15
6.8
None Remote Medium Not required Partial Partial Partial
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
4918 CVE-2017-17324 190 Exec Code Overflow 2018-03-09 2018-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks the user to install a crafted application, successful exploit could cause malicious code execution.
4919 CVE-2017-17318 20 DoS 2018-04-30 2018-06-06
6.1
None Local Network Low Not required None None Complete
Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability.
4920 CVE-2017-17226 20 Exec Code 2018-03-09 2018-03-30
6.8
None Remote Medium Not required Partial Partial Partial
The TripAdvisor app with the versions before TAMobileApp-24.6.4 pre-installed in some Huawei mobile phones have an arbitrary URL loading vulnerability due to insufficient input validation and improper configuration. An attacker may exploit this vulnerability to invoke TripAdvisor to load a specific URL and execute malicious code contained in the URL.
4921 CVE-2017-17222 20 Exec Code 2018-03-09 2018-03-27
6.5
None Remote Low Single system Partial Partial Partial
Import Language Package function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after Language Package is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.
4922 CVE-2017-17221 20 Exec Code 2018-03-09 2018-03-27
6.5
None Remote Low Single system Partial Partial Partial
Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace 8950 V200R003C00; V200R003C30 has a remote code execution vulnerability. An authenticated, remote attacker can craft and send the packets to the affected products after the Signal Tone is uploaded. Due to insufficient verification of the packets, this could be exploited to execute arbitrary code.
4923 CVE-2017-17215 20 Exec Code 2018-03-20 2018-04-19
6.5
None Remote Low Single system Partial Partial Partial
Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.
4924 CVE-2017-17171 20 DoS 2018-06-01 2018-07-27
6.3
None Remote Medium Single system None None Complete
Some Huawei smart phones have the denial of service (DoS) vulnerability due to the improper processing of malicious parameters. An attacker may trick a target user into installing a malicious APK and launch attacks using a pre-installed app with specific permissions. Successful exploit could allow the app to send specific parameters to the smart phone driver, which will result in system restart.
4925 CVE-2017-17159 20 2018-02-15 2018-03-14
6.1
None Local Network Low Not required None None Complete
Some Huawei smart phones with software of NXT-AL10C00B386, NXT-CL00C92B386, NXT-DL00C17B386, NXT-TL00C01B386SP01, NTS-AL00C00B535 have a DoS vulnerability due to insufficient input validation. An unauthenticated attacker could send malformed System Information(SI) messages to the smart phone within radio range by special wireless device. Successful exploit could make the smart phone restart.
4926 CVE-2017-17131 835 2018-03-05 2019-10-02
6.3
None Remote Medium Single system None None Complete
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.
4927 CVE-2017-17130 119 DoS Overflow 2017-12-04 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
The ff_free_picture_tables function in libavcodec/mpegpicture.c in Libav 12.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv.
4928 CVE-2017-17129 476 DoS 2017-12-04 2017-12-15
6.8
None Remote Medium Not required Partial Partial Partial
The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
4929 CVE-2017-17126 119 DoS Overflow 2017-12-04 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.
4930 CVE-2017-17125 125 DoS 2017-12-04 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.
4931 CVE-2017-17124 119 DoS Overflow 2017-12-04 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which allows remote attackers to cause a denial of service (excessive memory consumption, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted COFF binary.
4932 CVE-2017-17122 190 DoS Overflow 2017-12-04 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
4933 CVE-2017-17121 119 DoS Overflow 2017-12-04 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.
4934 CVE-2017-17103 89 Sql 2017-12-04 2017-12-15
6.5
None Remote Low Single system Partial Partial Partial
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges.
4935 CVE-2017-17095 119 DoS Overflow 2017-12-02 2018-12-01
6.8
None Remote Medium Not required Partial Partial Partial
tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.
4936 CVE-2017-17091 330 Bypass 2017-12-02 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string.
4937 CVE-2017-17056 352 CSRF 2017-12-04 2017-12-20
6.8
None Remote Medium Not required Partial Partial Partial
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to the /accounts/password_change/ URI. An attacker takes advantage of this scenario and creates a crafted CSRF link to add himself as an administrator to the ZKTime Web Software. He then uses social engineering methods to trick the administrator into clicking the forged HTTP request. The request is executed and the attacker becomes the Administrator of the ZKTime Web Software. If the vulnerability is successfully exploited, then an attacker (who would be a normal user of the web application) can escalate his privileges and become the administrator of ZKTime Web Software.
4938 CVE-2017-17053 416 2017-11-28 2018-12-19
6.9
None Local Medium Not required Complete Complete Complete
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
4939 CVE-2017-17020 78 Exec Code 2018-05-01 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.
4940 CVE-2017-17010 426 +Priv 2017-12-27 2018-01-11
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
4941 CVE-2017-16955 89 Exec Code Sql 2017-11-27 2017-12-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php.
4942 CVE-2017-16941 434 Exec Code 2017-11-25 2017-12-20
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. NOTE: the vendor says "I don't think [an attacker able to login to the system under an account that has access to manage/upload themes] is a threat model that we need to be considering."
4943 CVE-2017-16938 119 Overflow 2017-11-24 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file.
4944 CVE-2017-16933 732 +Priv 2017-11-24 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.
4945 CVE-2017-16909 119 Overflow 2018-12-07 2018-12-28
6.8
None Remote Medium Not required Partial Partial Partial
An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
4946 CVE-2017-16905 94 Exec Code 2018-01-05 2018-01-24
6.8
None Remote Medium Not required Partial Partial Partial
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.
4947 CVE-2017-16886 352 CSRF 2018-01-12 2018-02-02
6.8
None Remote Medium Not required Partial Partial Partial
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.
4948 CVE-2017-16879 119 DoS Exec Code Overflow 2017-11-22 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.
4949 CVE-2017-16871 94 Exec Code 2017-11-17 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary.
4950 CVE-2017-16870 918 2017-11-17 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.