CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2017 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2017-15924 78 2017-10-27 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions.
102 CVE-2017-15922 125 2017-10-26 2018-02-04
4.3
None Remote Medium Not required None None Partial
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
103 CVE-2017-15921 476 2017-10-30 2017-11-18
5.0
None Remote Low Not required None None Partial
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
104 CVE-2017-15920 476 2017-10-30 2017-11-18
5.0
None Remote Low Not required None None Partial
In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.
105 CVE-2017-15919 89 Sql 2017-10-26 2017-11-14
7.5
None Remote Low Not required Partial Partial Partial
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
106 CVE-2017-15917 269 2017-10-26 2019-10-03
4.0
None Remote Low ??? Partial None None
In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.
107 CVE-2017-15909 798 2017-10-26 2017-11-15
7.5
None Remote Low Not required Partial Partial Partial
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
108 CVE-2017-15908 835 2017-10-26 2022-02-20
5.0
None Remote Low Not required None None Partial
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service.
109 CVE-2017-15907 89 Exec Code Sql 2017-10-26 2017-11-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
110 CVE-2017-15906 732 2017-10-26 2020-08-24
5.0
None Remote Low Not required None Partial None
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
111 CVE-2017-15885 79 XSS 2017-10-25 2017-11-14
4.3
None Remote Medium Not required None Partial None
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214.
112 CVE-2017-15884 362 2017-10-31 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
113 CVE-2017-15882 400 DoS 2017-10-26 2017-11-16
5.0
None Remote Low Not required None None Partial
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.
114 CVE-2017-15880 89 Exec Code Sql 2017-10-24 2021-02-23
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
115 CVE-2017-15879 20 2017-10-24 2017-11-14
6.8
None Remote Medium Not required Partial Partial Partial
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
116 CVE-2017-15878 79 XSS 2017-10-24 2017-11-14
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
117 CVE-2017-15874 191 2017-10-24 2017-10-31
4.3
None Remote Medium Not required None None Partial
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.
118 CVE-2017-15873 190 Overflow 2017-10-24 2021-02-18
4.3
None Remote Medium Not required None None Partial
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
119 CVE-2017-15871 835 DoS 2017-10-24 2019-11-18
5.0
None Remote Low Not required None None Partial
** DISPUTED ** The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file.
120 CVE-2017-15867 79 XSS 2017-10-24 2017-11-14
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to admin/partials/listing/listing.php.
121 CVE-2017-15863 79 XSS 2017-10-24 2017-11-14
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to wp-admin/options-general.php.
122 CVE-2017-15812 79 XSS 2017-10-23 2017-11-17
4.3
None Remote Medium Not required None Partial None
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel.
123 CVE-2017-15810 79 XSS 2017-10-23 2017-11-14
4.3
None Remote Medium Not required None Partial None
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php.
124 CVE-2017-15809 79 XSS 2017-10-23 2017-10-25
4.3
None Remote Medium Not required None Partial None
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
125 CVE-2017-15808 352 CSRF 2017-10-23 2017-10-25
6.8
None Remote Medium Not required Partial Partial Partial
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
126 CVE-2017-15805 22 Dir. Trav. 2017-10-23 2017-11-08
5.0
None Remote Low Not required Partial None None
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
127 CVE-2017-15804 119 Overflow 2017-10-22 2018-06-20
7.5
None Remote Low Not required Partial Partial Partial
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
128 CVE-2017-15803 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000150."
129 CVE-2017-15802 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087."
130 CVE-2017-15801 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResSearchResourceInsideDirectory+0x000000000000029e."
131 CVE-2017-15800 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls subsequent Write Address starting at ntdll!memcpy+0x00000000000000a0."
132 CVE-2017-15799 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceNamesInternal+0x000000000000074a."
133 CVE-2017-15798 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceNamesInternal+0x0000000000000609."
134 CVE-2017-15797 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation on Block Data Move starting at TOOLS!IVLoadImage_W+0x00000000000020b9."
135 CVE-2017-15796 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation starting at ntdll!LdrpSearchResourceSection_U+0x0000000000000386."
136 CVE-2017-15795 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation starting at ntdll!LdrpSearchResourceSection_U+0x00000000000002bd."
137 CVE-2017-15794 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation starting at ntdll!LdrpResSearchResourceInsideDirectory+0x0000000000000257."
138 CVE-2017-15793 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls subsequent Write Address starting at ntdll!memcpy+0x00000000000000a5."
139 CVE-2017-15792 119 DoS Overflow 2017-10-22 2017-10-25
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!EnumResourceTypesInternal+0x00000000000007b2."
140 CVE-2017-15791 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address controls Branch Selection starting at ntdll!LdrpResCompareResourceNames+0x00000000000000de."
141 CVE-2017-15790 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.50 (64bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to a "Read Access Violation starting at ntdll!LdrpResCompareResourceNames+0x0000000000000120."
142 CVE-2017-15789 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000048e7."
143 CVE-2017-15788 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x0000000000002d83."
144 CVE-2017-15787 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at xnview+0x0000000000580063."
145 CVE-2017-15786 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."
146 CVE-2017-15785 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79."
147 CVE-2017-15784 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnview+0x0000000000370074."
148 CVE-2017-15783 119 DoS Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADImage+0x0000000000285ce1."
149 CVE-2017-15782 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000032eb."
150 CVE-2017-15781 119 DoS Exec Code Overflow 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76."
Total number of vulnerabilities : 1249   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.