CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2017-14930 772 DoS 2017-09-30 2019-10-03
7.1
None Remote Medium Not required None None Complete
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
52 CVE-2017-14929 835 Mem. Corr. 2017-09-30 2019-10-03
5.0
None Remote Low Not required None None Partial
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
53 CVE-2017-14928 476 2017-09-30 2021-04-06
4.3
None Remote Medium Not required None None Partial
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.
54 CVE-2017-14927 476 2017-09-30 2017-10-03
4.3
None Remote Medium Not required None None Partial
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.
55 CVE-2017-14926 476 2017-09-30 2021-04-06
4.3
None Remote Medium Not required None None Partial
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.
56 CVE-2017-14925 352 CSRF 2017-09-30 2017-10-06
6.0
None Remote Medium ??? Partial Partial Partial
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site.
57 CVE-2017-14924 352 +Priv CSRF 2017-09-30 2017-10-06
6.0
None Remote Medium ??? Partial Partial Partial
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php.
58 CVE-2017-14923 79 XSS 2017-09-30 2017-10-05
3.5
None Remote Medium ??? None Partial None
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
59 CVE-2017-14922 79 XSS 2017-09-30 2017-10-05
3.5
None Remote Medium ??? None Partial None
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
60 CVE-2017-14921 79 XSS 2017-09-30 2017-10-05
3.5
None Remote Medium ??? None Partial None
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
61 CVE-2017-14920 79 XSS 2017-09-30 2017-10-05
4.3
None Remote Medium Not required None Partial None
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
62 CVE-2017-14867 78 Exec Code 2017-09-29 2021-01-26
9.0
None Remote Low ??? Complete Complete Complete
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
63 CVE-2017-14866 119 DoS Overflow 2017-09-29 2017-10-04
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer overflow in the Exiv2::s2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
64 CVE-2017-14865 119 DoS Overflow 2017-09-29 2017-10-04
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer overflow in the Exiv2::us2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
65 CVE-2017-14864 119 DoS Overflow 2017-09-29 2019-03-04
4.3
None Remote Medium Not required None None Partial
An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
66 CVE-2017-14863 476 DoS 2017-09-29 2019-10-03
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
67 CVE-2017-14862 119 DoS Overflow 2017-09-29 2019-03-04
4.3
None Remote Medium Not required None None Partial
An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
68 CVE-2017-14861 190 DoS 2017-09-29 2019-10-03
4.3
None Remote Medium Not required None None Partial
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
69 CVE-2017-14860 125 DoS 2017-09-29 2019-10-03
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
70 CVE-2017-14859 119 DoS Overflow 2017-09-29 2019-03-04
4.3
None Remote Medium Not required None None Partial
An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
71 CVE-2017-14858 119 DoS Overflow 2017-09-29 2017-10-04
4.3
None Remote Medium Not required None None Partial
There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
72 CVE-2017-14857 416 DoS 2017-09-29 2017-10-04
4.3
None Remote Medium Not required None None Partial
In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack.
73 CVE-2017-14849 22 Dir. Trav. 2017-09-28 2019-10-03
5.0
None Remote Low Not required Partial None None
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
74 CVE-2017-14847 89 Sql 2017-09-28 2017-10-05
6.5
None Remote Low ??? Partial Partial Partial
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
75 CVE-2017-14846 89 Sql 2017-09-28 2017-10-05
6.5
None Remote Low ??? Partial Partial Partial
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
76 CVE-2017-14845 89 Sql 2017-09-28 2017-10-05
6.5
None Remote Low ??? Partial Partial Partial
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
77 CVE-2017-14844 89 Sql 2017-09-28 2017-10-05
6.5
None Remote Low ??? Partial Partial Partial
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
78 CVE-2017-14843 89 Sql 2017-09-28 2017-10-05
6.5
None Remote Low ??? Partial Partial Partial
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
79 CVE-2017-14842 89 Sql 2017-09-28 2017-10-05
6.5
None Remote Low ??? Partial Partial Partial
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
80 CVE-2017-14841 434 2017-09-28 2017-10-05
4.0
None Remote Low ??? None Partial None
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
81 CVE-2017-14840 434 2017-09-28 2017-10-06
6.5
None Remote Low ??? Partial Partial Partial
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
82 CVE-2017-14839 434 2017-09-28 2017-10-06
6.5
None Remote Low ??? Partial Partial Partial
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
83 CVE-2017-14838 434 2017-09-28 2017-10-06
6.5
None Remote Low ??? Partial Partial Partial
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
84 CVE-2017-14796 191 DoS 2017-09-28 2017-09-30
6.8
None Remote Medium Not required Partial Partial Partial
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.
85 CVE-2017-14795 125 DoS 2017-09-28 2017-09-30
6.8
None Remote Medium Not required Partial Partial Partial
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg.
86 CVE-2017-14775 200 +Info 2017-09-28 2017-10-10
4.3
None Remote Medium Not required Partial None None
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
87 CVE-2017-14767 119 DoS Overflow 2017-09-27 2019-01-08
6.8
None Remote Medium Not required Partial Partial Partial
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file.
88 CVE-2017-14766 287 Bypass 2017-09-27 2017-10-10
6.4
None Remote Low Not required None Partial Partial
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.
89 CVE-2017-14765 79 XSS 2017-09-27 2017-09-29
4.3
None Remote Medium Not required None Partial None
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.
90 CVE-2017-14764 94 Exec Code 2017-09-27 2017-09-29
6.5
None Remote Low ??? Partial Partial Partial
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.
91 CVE-2017-14763 Exec Code 2017-09-27 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
92 CVE-2017-14762 79 XSS 2017-09-27 2017-09-29
4.3
None Remote Medium Not required None Partial None
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.
93 CVE-2017-14761 79 XSS 2017-09-27 2017-09-29
4.3
None Remote Medium Not required None Partial None
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.
94 CVE-2017-14760 89 Sql 2017-09-27 2017-10-06
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php.
95 CVE-2017-14753 79 XSS 2017-09-27 2021-02-23
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
96 CVE-2017-14751 79 XSS 2017-09-26 2017-10-06
4.3
None Remote Medium Not required None Partial None
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
97 CVE-2017-14749 119 DoS Exec Code Overflow Mem. Corr. 2017-09-26 2017-10-06
6.8
None Remote Medium Not required Partial Partial Partial
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
98 CVE-2017-14748 362 DoS 2017-09-26 2017-10-06
3.5
None Remote Medium ??? None None Partial
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.
99 CVE-2017-14745 190 DoS Overflow 2017-09-26 2017-09-29
6.8
None Remote Medium Not required Partial Partial Partial
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.
100 CVE-2017-14744 79 XSS 2017-09-26 2017-10-06
4.3
None Remote Medium Not required None Partial None
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
Total number of vulnerabilities : 1228   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.