CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2017 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2017-15268 772 2017-10-12 2019-10-03
5.0
None Remote Low Not required None None Partial
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
302 CVE-2017-15267 476 2017-10-11 2018-02-04
5.0
None Remote Low Not required None None Partial
In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c.
303 CVE-2017-15266 369 2017-10-11 2018-02-04
4.3
None Remote Medium Not required None None Partial
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
304 CVE-2017-15265 362 DoS 2017-10-16 2020-07-15
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.
305 CVE-2017-15264 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at image00000000_00400000+0x00000000000236e4."
306 CVE-2017-15263 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x00000000000166c4."
307 CVE-2017-15262 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x0000000000048d0c."
308 CVE-2017-15261 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x0000000000057b35."
309 CVE-2017-15260 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000129a59."
310 CVE-2017-15259 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a."
311 CVE-2017-15258 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000161a9c."
312 CVE-2017-15257 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a."
313 CVE-2017-15256 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8."
314 CVE-2017-15255 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x00000000001601b0."
315 CVE-2017-15254 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5."
316 CVE-2017-15253 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x000000000007dff2."
317 CVE-2017-15252 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x00000000000158cb."
318 CVE-2017-15251 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326."
319 CVE-2017-15250 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132e19."
320 CVE-2017-15249 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x00000000000668d6."
321 CVE-2017-15248 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000000000063ca6."
322 CVE-2017-15247 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1."
323 CVE-2017-15246 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b."
324 CVE-2017-15245 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76."
325 CVE-2017-15244 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
326 CVE-2017-15243 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4."
327 CVE-2017-15242 119 DoS Exec Code Overflow 2017-10-11 2017-10-27
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe."
328 CVE-2017-15241 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."
329 CVE-2017-15240 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef."
330 CVE-2017-15239 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4."
331 CVE-2017-15238 416 2017-10-11 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
332 CVE-2017-15236 200 +Info 2017-10-11 2017-11-05
5.0
None Remote Low Not required Partial None None
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
333 CVE-2017-15235 425 Bypass 2017-10-11 2020-08-29
5.0
None Remote Low Not required Partial None None
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
334 CVE-2017-15232 476 2017-10-11 2018-07-11
4.3
None Remote Medium Not required None None Partial
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
335 CVE-2017-15228 125 2017-10-22 2018-02-04
5.0
None Remote Low Not required None None Partial
Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
336 CVE-2017-15227 416 2017-10-22 2018-02-04
5.0
None Remote Low Not required None None Partial
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.
337 CVE-2017-15226 78 2017-10-10 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
338 CVE-2017-15225 772 DoS 2017-10-10 2019-10-03
4.3
None Remote Medium Not required None None Partial
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
339 CVE-2017-15223 835 2017-10-24 2019-10-03
5.0
None Remote Low Not required None None Partial
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
340 CVE-2017-15222 120 Exec Code Overflow 2017-10-24 2019-12-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
341 CVE-2017-15221 119 Overflow 2017-10-16 2020-03-10
6.8
None Remote Medium Not required Partial Partial Partial
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
342 CVE-2017-15220 119 Exec Code Overflow 2017-10-11 2017-10-26
7.5
None Remote Low Not required Partial Partial Partial
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.
343 CVE-2017-15218 772 2017-10-10 2019-10-03
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
344 CVE-2017-15217 772 2017-10-10 2019-10-03
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
345 CVE-2017-15216 79 XSS 2017-10-10 2017-10-27
4.3
None Remote Medium Not required None Partial None
MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.
346 CVE-2017-15215 79 XSS 2017-10-11 2017-10-27
4.3
None Remote Medium Not required None Partial None
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
347 CVE-2017-15212 200 +Info 2017-10-11 2017-10-19
4.0
None Remote Low ??? Partial None None
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
348 CVE-2017-15211 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
349 CVE-2017-15210 200 +Info 2017-10-11 2017-10-19
4.0
None Remote Low ??? Partial None None
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
350 CVE-2017-15209 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
Total number of vulnerabilities : 1249   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.