CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2017

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
351 CVE-2017-15247 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000001168a1."
352 CVE-2017-15246 119 DoS Exec Code Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b."
353 CVE-2017-15245 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlGetGlobalState+0x0000000000057b76."
354 CVE-2017-15244 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
355 CVE-2017-15243 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Possible Stack Corruption starting at PDF!xmlGetGlobalState+0x00000000000568a4."
356 CVE-2017-15242 119 DoS Exec Code Overflow 2017-10-11 2017-10-27
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User Mode Write AV starting at PDF!xmlGetGlobalState+0x0000000000031abe."
357 CVE-2017-15241 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5."
358 CVE-2017-15240 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef."
359 CVE-2017-15239 119 DoS Overflow 2017-10-11 2017-10-24
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlParserInputRead+0x0000000000040db4."
360 CVE-2017-15238 416 2017-10-11 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
361 CVE-2017-15236 200 +Info 2017-10-11 2017-11-05
5.0
None Remote Low Not required Partial None None
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
362 CVE-2017-15235 425 Bypass 2017-10-11 2020-08-29
5.0
None Remote Low Not required Partial None None
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
363 CVE-2017-15232 476 2017-10-11 2018-07-11
4.3
None Remote Medium Not required None None Partial
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
364 CVE-2017-15228 125 2017-10-22 2018-02-04
5.0
None Remote Low Not required None None Partial
Irssi before 1.0.5, when installing themes with unterminated colour formatting sequences, may access data beyond the end of the string.
365 CVE-2017-15227 416 2017-10-22 2018-02-04
5.0
None Remote Low Not required None None Partial
Irssi before 1.0.5, while waiting for the channel synchronisation, may incorrectly fail to remove destroyed channels from the query list, resulting in use-after-free conditions when updating the state later on.
366 CVE-2017-15226 78 2017-10-10 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
367 CVE-2017-15225 772 DoS 2017-10-10 2019-10-03
4.3
None Remote Medium Not required None None Partial
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
368 CVE-2017-15223 835 2017-10-24 2019-10-03
5.0
None Remote Low Not required None None Partial
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
369 CVE-2017-15222 120 Exec Code Overflow 2017-10-24 2019-12-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
370 CVE-2017-15221 119 Overflow 2017-10-16 2020-03-10
6.8
None Remote Medium Not required Partial Partial Partial
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
371 CVE-2017-15220 119 Exec Code Overflow 2017-10-11 2017-10-26
7.5
None Remote Low Not required Partial Partial Partial
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.
372 CVE-2017-15219 79 XSS 2017-10-10 2017-10-25
3.5
None Remote Medium ??? None Partial None
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
373 CVE-2017-15218 772 2017-10-10 2019-10-03
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.
374 CVE-2017-15217 772 2017-10-10 2019-10-03
4.3
None Remote Medium Not required None None Partial
ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.
375 CVE-2017-15216 79 XSS 2017-10-10 2017-10-27
4.3
None Remote Medium Not required None Partial None
MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.
376 CVE-2017-15215 79 XSS 2017-10-11 2017-10-27
4.3
None Remote Medium Not required None Partial None
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
377 CVE-2017-15214 79 +Priv XSS 2017-10-11 2017-10-27
3.5
None Remote Medium ??? None Partial None
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php.
378 CVE-2017-15213 79 +Priv XSS 2017-10-11 2017-10-27
3.5
None Remote Medium ??? None Partial None
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.
379 CVE-2017-15212 200 +Info 2017-10-11 2017-10-19
4.0
None Remote Low ??? Partial None None
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
380 CVE-2017-15211 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
381 CVE-2017-15210 200 +Info 2017-10-11 2017-10-19
4.0
None Remote Low ??? Partial None None
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.
382 CVE-2017-15209 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
383 CVE-2017-15208 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
384 CVE-2017-15207 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
385 CVE-2017-15206 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
386 CVE-2017-15205 200 +Info 2017-10-11 2017-10-19
4.0
None Remote Low ??? Partial None None
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
387 CVE-2017-15204 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
388 CVE-2017-15203 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
389 CVE-2017-15202 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
390 CVE-2017-15201 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
391 CVE-2017-15200 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
392 CVE-2017-15199 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
393 CVE-2017-15198 200 +Info 2017-10-11 2017-10-19
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user.
394 CVE-2017-15197 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
395 CVE-2017-15196 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
396 CVE-2017-15195 639 2017-10-11 2019-10-03
4.0
None Remote Low ??? None Partial None
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
397 CVE-2017-15194 79 XSS 2017-10-11 2017-10-20
4.3
None Remote Medium Not required None Partial None
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
398 CVE-2017-15193 400 2017-10-10 2017-10-17
7.8
None Remote Low Not required None None Complete
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
399 CVE-2017-15192 2017-10-10 2019-10-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.
400 CVE-2017-15191 134 2017-10-10 2019-03-01
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length.
Total number of vulnerabilities: 1429. Page 8 of 29.