CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2017 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2017-15299 476 DoS 2017-10-14 2018-10-30
4.9
None Local Low Not required None None Complete
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
302 CVE-2017-15298 400 DoS 2017-10-14 2020-05-02
4.3
None Remote Medium Not required None None Partial
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.
303 CVE-2017-15297 287 2017-10-16 2018-12-10
5.0
None Remote Low Not required None None Partial
SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.
304 CVE-2017-15296 352 CSRF 2017-10-16 2018-12-10
6.8
None Remote Medium Not required Partial Partial Partial
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.
305 CVE-2017-15295 287 2017-10-16 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
306 CVE-2017-15294 79 XSS 2017-10-16 2019-04-17
4.3
None Remote Medium Not required None Partial None
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.
307 CVE-2017-15293 287 2017-10-16 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
308 CVE-2017-15291 79 XSS 2017-10-20 2017-11-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.
309 CVE-2017-15290 319 2017-10-12 2019-10-03
5.0
None Remote Low Not required Partial None None
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality.
310 CVE-2017-15287 79 XSS 2017-10-12 2017-10-27
4.3
None Remote Medium Not required None Partial None
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
311 CVE-2017-15286 476 2017-10-12 2017-10-27
5.0
None Remote Low Not required None None Partial
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.
312 CVE-2017-15285 20 Exec Code 2017-10-12 2017-11-03
6.5
None Remote Low ??? Partial Partial Partial
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.
313 CVE-2017-15284 79 Exec Code XSS 2017-10-12 2020-08-03
3.5
None Remote Medium ??? None Partial None
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
314 CVE-2017-15281 119 DoS Overflow 2017-10-12 2020-09-08
6.8
None Remote Medium Not required Partial Partial Partial
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)."
315 CVE-2017-15280 611 +Info 2017-10-12 2017-10-25
4.3
None Remote Medium Not required Partial None None
XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.
316 CVE-2017-15279 79 XSS 2017-10-12 2017-10-25
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.
317 CVE-2017-15278 79 Exec Code XSS 2017-10-12 2017-10-26
3.5
None Remote Medium ??? None Partial None
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
318 CVE-2017-15277 200 +Info 2017-10-12 2018-10-18
4.3
None Remote Medium Not required Partial None None
ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.
319 CVE-2017-15276 22 +Priv Dir. Trav. 2017-10-13 2017-11-03
6.5
None Remote Low ??? Partial Partial Partial
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation.
320 CVE-2017-15274 476 DoS 2017-10-12 2018-03-16
4.9
None Local Low Not required None None Complete
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
321 CVE-2017-15273 79 XSS 2017-10-31 2017-11-13
3.5
None Remote Medium ??? None Partial None
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
322 CVE-2017-15268 772 2017-10-12 2019-10-03
5.0
None Remote Low Not required None None Partial
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
323 CVE-2017-15267 476 2017-10-11 2018-02-04
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
324 CVE-2017-15266 369 2017-10-11 2018-02-04
4.3
None Remote Medium Not required None None Partial
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
325 CVE-2017-15265 362 DoS 2017-10-16 2020-07-15
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
326 CVE-2017-15264 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4."
327 CVE-2017-15263 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4."
328 CVE-2017-15262 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c."
329 CVE-2017-15261 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35."
330 CVE-2017-15260 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59."
331 CVE-2017-15259 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a."
332 CVE-2017-15258 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c."
333 CVE-2017-15257 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a."
334 CVE-2017-15256 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8."
335 CVE-2017-15255 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0."
336 CVE-2017-15254 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5."
337 CVE-2017-15253 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2."
338 CVE-2017-15252 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb."
339 CVE-2017-15251 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326."
340 CVE-2017-15250 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19."
341 CVE-2017-15249 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6."
342 CVE-2017-15248 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6."
343 CVE-2017-15247 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1."
344 CVE-2017-15246 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b."
345 CVE-2017-15245 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76."
346 CVE-2017-15244 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
347 CVE-2017-15243 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4."
348 CVE-2017-15242 119 DoS Exec Code Overflow 2017-10-11 2017-10-27
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe."
349 CVE-2017-15241 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."
350 CVE-2017-15240 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef."
Total number of vulnerabilities : 1339   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.