CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2017 (CVSS score >= 4)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
201 CVE-2017-15730 352 CSRF 2017-10-22 2019-03-14
6.8
None Remote Medium Not required Partial Partial Partial
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
202 CVE-2017-15729 352 CSRF 2017-10-22 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
203 CVE-2017-15723 476 2017-10-22 2019-03-14
5.0
None Remote Low Not required None None Partial
In Irssi before 1.0.5, overlong nicks or targets may result in a NULL pointer dereference while splitting the message.
204 CVE-2017-15722 125 2017-10-22 2019-03-14
4.3
None Remote Medium Not required None None Partial
In certain cases, Irssi before 1.0.5 may fail to verify that a Safe channel ID is long enough, causing reads beyond the end of the string.
205 CVE-2017-15721 476 2017-10-22 2019-03-14
5.0
None Remote Low Not required None None Partial
In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages could cause a NULL pointer dereference. This is a separate, but similar, issue relative to CVE-2017-9468.
206 CVE-2017-15687 79 XSS 2017-10-23 2017-11-17
4.3
None Remote Medium Not required None Partial None
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.
207 CVE-2017-15671 772 DoS 2017-10-20 2019-10-03
4.3
None Remote Medium Not required None None Partial
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
208 CVE-2017-15670 119 Overflow 2017-10-20 2018-06-20
7.5
None Remote Low Not required Partial Partial Partial
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.
209 CVE-2017-15651 20 Exec Code 2017-10-20 2017-10-31
6.5
None Remote Low ??? Partial Partial Partial
PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.
210 CVE-2017-15650 119 Overflow 2017-10-19 2017-11-08
5.0
None Remote Low Not required None None Partial
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.
211 CVE-2017-15649 362 +Priv 2017-10-19 2018-08-24
4.6
None Local Low Not required Partial Partial Partial
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
212 CVE-2017-15648 79 XSS 2017-10-19 2017-11-07
4.3
None Remote Medium Not required None Partial None
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
213 CVE-2017-15647 22 Dir. Trav. 2017-10-19 2017-11-07
5.0
None Remote Low Not required Partial None None
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
214 CVE-2017-15646 79 Exec Code XSS 2017-10-19 2017-11-08
4.3
None Remote Medium Not required None Partial None
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
215 CVE-2017-15645 352 Exec Code CSRF 2017-10-19 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker can execute arbitrary commands.
216 CVE-2017-15644 918 2017-10-19 2017-11-07
5.0
None Remote Low Not required None Partial None
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
217 CVE-2017-15643 444 Exec Code 2017-10-19 2017-11-14
7.6
None Remote High Not required Complete Complete Complete
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file.
218 CVE-2017-15642 416 2017-10-19 2021-06-24
4.3
None Remote Medium Not required None None Partial
In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.
219 CVE-2017-15639 611 Bypass 2017-10-19 2017-11-08
4.0
None Remote Low ??? Partial None None
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
220 CVE-2017-15612 79 XSS 2017-10-19 2017-11-07
4.3
None Remote Medium Not required None Partial None
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
221 CVE-2017-15611 732 2017-10-19 2019-10-03
4.0
None Remote Low ??? None Partial None
In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges.
222 CVE-2017-15610 200 +Info 2017-10-19 2017-10-25
4.0
None Remote Low ??? Partial None None
An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certificates managed by Octopus, including the private key.
223 CVE-2017-15609 311 +Info 2017-10-19 2019-10-03
5.0
None Remote Low Not required Partial None None
Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.
224 CVE-2017-15602 835 2017-10-18 2019-10-03
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
225 CVE-2017-15601 119 Overflow 2017-10-18 2018-02-04
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTOR_png_extract_method function in plugins/png_extractor.c, related to processiTXt and stndup.
226 CVE-2017-15600 476 2017-10-18 2018-02-04
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EXTRACTOR_nsf_extract_method function of plugins/nsf_extractor.c.
227 CVE-2017-15597 119 DoS Overflow Mem. Corr. +Info 2017-10-30 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
228 CVE-2017-15596 400 DoS 2017-10-18 2017-11-04
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.
229 CVE-2017-15595 400 DoS +Priv 2017-10-18 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
230 CVE-2017-15594 DoS +Priv 2017-10-18 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
231 CVE-2017-15593 772 DoS 2017-10-18 2019-10-03
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
232 CVE-2017-15592 668 DoS +Priv 2017-10-18 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
233 CVE-2017-15591 20 DoS 2017-10-18 2018-01-16
4.9
None Local Low Not required None None Complete
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.
234 CVE-2017-15590 DoS +Priv 2017-10-18 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
235 CVE-2017-15588 362 Exec Code 2017-10-18 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
236 CVE-2017-15587 190 Overflow 2017-10-18 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
237 CVE-2017-15583 200 +Info File Inclusion 2017-10-18 2017-11-08
5.0
None Remote Low Not required Partial None None
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
238 CVE-2017-15582 798 2017-10-27 2019-10-03
5.0
None Remote Low Not required Partial None None
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
239 CVE-2017-15581 311 +Info 2017-10-27 2019-10-03
5.0
None Remote Low Not required Partial None None
In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.
240 CVE-2017-15580 434 2017-10-23 2019-03-26
7.5
None Remote Low Not required Partial Partial Partial
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
241 CVE-2017-15579 89 Sql 2017-10-18 2017-11-08
7.5
None Remote Low Not required Partial Partial Partial
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
242 CVE-2017-15578 89 Sql 2017-10-18 2017-11-08
6.0
None Remote Medium ??? Partial Partial Partial
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
243 CVE-2017-15577 200 +Info 2017-10-18 2019-03-14
5.0
None Remote Low Not required Partial None None
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information.
244 CVE-2017-15576 200 +Info 2017-10-18 2019-03-14
5.0
None Remote Low Not required Partial None None
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information.
245 CVE-2017-15575 +Info 2017-10-18 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact.
246 CVE-2017-15574 79 XSS 2017-10-18 2019-03-14
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment.
247 CVE-2017-15573 79 XSS 2017-10-18 2019-03-14
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content.
248 CVE-2017-15572 532 +Info 2017-10-18 2019-03-14
5.0
None Remote Low Not required Partial None None
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
249 CVE-2017-15571 79 XSS 2017-10-18 2019-03-14
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data.
250 CVE-2017-15570 79 XSS 2017-10-18 2019-03-14
4.3
None Remote Medium Not required None Partial None
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data.
Total number of vulnerabilities: 1249 (page 5 of 25)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.