CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000376 119 Exec Code Overflow 2017-06-19 2017-07-05
6.9
None Local Medium Not required Complete Complete Complete
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
2 CVE-2017-1000373 400 Exec Code 2017-06-19 2017-07-05
6.4
None Remote Low Not required None Partial Partial
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
3 CVE-2017-1000367 20 Exec Code 2017-06-05 2017-06-09
6.9
None Local Medium Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
4 CVE-2017-1000364 119 Overflow Bypass 2017-06-19 2017-07-06
6.2
None Local High Not required Complete Complete Complete
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
5 CVE-2017-1000069 352 CSRF 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
6 CVE-2017-1000067 89 Sql 2017-07-17 2017-07-21
6.5
None Remote Low Single system Partial Partial Partial
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
7 CVE-2017-1000031 89 Exec Code Sql 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
8 CVE-2017-1000017 918 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
9 CVE-2017-1000010 264 Exec Code 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution
10 CVE-2017-11450 20 DoS 2017-07-19 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
11 CVE-2017-11449 20 DoS 2017-07-19 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
12 CVE-2017-11403 416 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
13 CVE-2017-11335 787 DoS Exec Code Overflow 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.
14 CVE-2017-11310 119 Overflow 2017-07-13 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
15 CVE-2017-11200 89 Sql 2017-07-12 2017-07-16
6.5
None Remote Low Single system Partial Partial Partial
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.
16 CVE-2017-11196 352 CSRF 2017-07-12 2017-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.
17 CVE-2017-11193 352 CSRF 2017-07-12 2017-07-19
6.8
None Remote Medium Not required Partial Partial Partial
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.
18 CVE-2017-11190 119 DoS Overflow 2017-07-12 2017-07-21
6.8
None Remote Medium Not required Partial Partial Partial
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.
19 CVE-2017-11173 284 2017-07-12 2017-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
20 CVE-2017-11170 399 2017-07-11 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
21 CVE-2017-11147 119 Overflow 2017-07-10 2017-07-18
6.4
None Remote Low Not required Partial None Partial
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
22 CVE-2017-11111 119 DoS Overflow 2017-07-08 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
23 CVE-2017-11110 119 DoS Overflow 2017-07-08 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses before the beginning of the tmpBuf buffer.
24 CVE-2017-11109 416 DoS 2017-07-08 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.
25 CVE-2017-11103 345 2017-07-13 2017-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.
26 CVE-2017-11101 476 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.
27 CVE-2017-11100 476 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.
28 CVE-2017-11099 20 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.
29 CVE-2017-11098 20 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.
30 CVE-2017-11097 476 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.
31 CVE-2017-11096 476 2017-07-07 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.
32 CVE-2017-10929 119 DoS Overflow 2017-07-05 2017-07-19
6.8
None Remote Medium Not required Partial Partial Partial
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.
33 CVE-2017-10928 119 Overflow +Info 2017-07-05 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
34 CVE-2017-10926 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
35 CVE-2017-10925 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae."
36 CVE-2017-10924 119 DoS Exec Code Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529."
37 CVE-2017-10915 362 2017-07-04 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
38 CVE-2017-10914 415 DoS +Priv +Info 2017-07-04 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
39 CVE-2017-10805 264 2017-07-04 2017-07-12
6.5
None Remote Low Single system Partial Partial Partial
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.
40 CVE-2017-10735 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca."
41 CVE-2017-10734 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to an "Invalid Handle starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
42 CVE-2017-10733 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031."
43 CVE-2017-10732 119 DoS Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpAllocateHeap+0x0000000000000429."
44 CVE-2017-10731 119 DoS Exec Code Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80."
45 CVE-2017-10730 119 DoS Exec Code Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d96."
46 CVE-2017-10729 119 DoS Exec Code Overflow 2017-07-05 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpWaitOnCriticalSection+0x0000000000000121."
47 CVE-2017-10728 119 DoS Exec Code Overflow 2017-07-05 2017-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
48 CVE-2017-10727 119 DoS Exec Code Overflow 2017-07-05 2017-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f."
49 CVE-2017-10726 119 DoS Exec Code Overflow 2017-07-05 2017-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951."
50 CVE-2017-10681 352 CSRF 2017-06-29 2017-07-04
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.