CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2017 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-9301 125 DoS 2017-05-29 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
2 CVE-2017-9300 119 DoS Overflow 2017-05-29 2017-11-23
6.8
None Remote Medium Not required Partial Partial Partial
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
3 CVE-2017-9294 Exec Code 2017-05-29 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
4 CVE-2017-9265 125 2017-05-29 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
5 CVE-2017-9264 125 2017-05-29 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
6 CVE-2017-9232 862 2017-05-28 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
7 CVE-2017-9228 787 Mem. Corr. 2017-05-24 2022-07-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
8 CVE-2017-9227 125 2017-05-24 2022-07-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.
9 CVE-2017-9226 787 Mem. Corr. 2017-05-24 2022-07-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
10 CVE-2017-9225 787 Overflow 2017-05-24 2017-06-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
11 CVE-2017-9224 125 2017-05-24 2022-07-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.
12 CVE-2017-9214 191 2017-05-23 2021-08-04
7.5
None Remote Low Not required Partial Partial Partial
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
13 CVE-2017-9212 134 2017-05-23 2019-10-03
7.8
None Remote Low Not required None None Complete
The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the CD/Multimedia software via %x or %c format string specifiers in a device name.
14 CVE-2017-9200 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63.
15 CVE-2017-9199 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19.
16 CVE-2017-9198 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18.
17 CVE-2017-9197 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55.
18 CVE-2017-9196 190 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7.
19 CVE-2017-9195 125 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:620:27.
20 CVE-2017-9194 125 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:559:29.
21 CVE-2017-9193 125 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-tga.c:538:33.
22 CVE-2017-9192 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7.
23 CVE-2017-9191 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the rle_fread function in input-tga.c:252:15.
24 CVE-2017-9188 20 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63.
25 CVE-2017-9187 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7.
26 CVE-2017-9186 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17.
27 CVE-2017-9185 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7.
28 CVE-2017-9184 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7.
29 CVE-2017-9183 704 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:309:7.
30 CVE-2017-9173 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:497:29.
31 CVE-2017-9172 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:496:29.
32 CVE-2017-9171 125 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24.
33 CVE-2017-9170 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25.
34 CVE-2017-9169 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:355:25.
35 CVE-2017-9168 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:353:25.
36 CVE-2017-9167 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:337:25.
37 CVE-2017-9166 125 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11.
38 CVE-2017-9165 125 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.
39 CVE-2017-9164 125 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.
40 CVE-2017-9163 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54.
41 CVE-2017-9162 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2.
42 CVE-2017-9161 190 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23.
43 CVE-2017-9160 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in the pnmscanner_gettoken function in input-pnm.c:458:12.
44 CVE-2017-9153 119 Overflow 2017-05-23 2019-03-19
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_rawpbm function in input-pnm.c:391:13.
45 CVE-2017-9152 125 2017-05-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.
46 CVE-2017-9151 119 Overflow 2017-05-23 2017-05-28
7.5
None Remote Low Not required Partial Partial Partial
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12.
47 CVE-2017-9148 287 Bypass 2017-05-29 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
48 CVE-2017-9146 119 DoS Overflow 2017-05-22 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
49 CVE-2017-9138 119 Overflow Bypass 2017-05-21 2017-06-02
7.7
None Local Network Low ??? Complete Complete Complete
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password.
50 CVE-2017-9137 1188 2017-05-21 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default password of mateidu for the mateidu account (a hidden user account established by the vendor). This account can be accessed via both the web interface and SSH. In the web interface, this simply grants an attacker read-only access to the device's settings. However, when using SSH, this gives an attacker access to a Linux shell. NOTE: the vendor has commented "The mateidu user is a known user, which is mentioned in the FibeAir IP-10 User Guide. Customers are instructed to change the mateidu user password. Changing the user password fully solves the vulnerability."
Total number of vulnerabilities : 499   Page : 1 (This Page)2 3 4 5 6 7 8 9 10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.