CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2017-14526 611 DoS 2017-09-28 2017-10-06
6.5
None Remote Low ??? Partial Partial Partial
Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in.
252 CVE-2017-14525 601 2017-09-28 2017-10-06
5.8
None Remote Medium Not required Partial Partial None
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
253 CVE-2017-14524 601 2017-09-28 2017-10-06
5.8
None Remote Medium Not required Partial Partial None
Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect.
254 CVE-2017-14520 20 2017-09-17 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
255 CVE-2017-14519 835 Mem. Corr. 2017-09-17 2019-10-03
5.0
None Remote Low Not required None None Partial
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).
256 CVE-2017-14518 20 2017-09-17 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
257 CVE-2017-14517 476 2017-09-17 2019-01-18
4.3
None Remote Medium Not required None None Partial
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
258 CVE-2017-14515 119 DoS Overflow 2017-09-17 2017-09-21
5.0
None Remote Low Not required None None Partial
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.
259 CVE-2017-14514 22 Dir. Trav. 2017-09-17 2017-09-21
5.0
None Remote Low Not required Partial None None
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.
260 CVE-2017-14513 22 Dir. Trav. 2017-09-17 2017-09-21
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/physical.php.
261 CVE-2017-14512 89 Sql 2017-09-17 2017-09-21
7.5
None Remote Low Not required Partial Partial Partial
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
262 CVE-2017-14511 20 Bypass 2017-09-17 2017-09-28
5.0
None Remote Low Not required None None Partial
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore, since an email address can be registered only once, an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798.
263 CVE-2017-14510 79 XSS 2017-09-17 2017-12-30
4.3
None Remote Medium Not required None Partial None
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unauthenticated cross-site scripting (XSS) attacks. This attack vector is mitigated by proper validating the redirect URL values being passed along.
264 CVE-2017-14509 20 File Inclusion 2017-09-17 2017-12-30
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors module allowing authenticated users to include remotely accessible system files via a module=CallRest&url= query string. Proper input validation has been added to mitigate this issue.
265 CVE-2017-14508 89 Sql 2017-09-17 2017-12-30
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits.
266 CVE-2017-14507 89 Exec Code Sql 2017-09-29 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
267 CVE-2017-14506 79 XSS 2017-09-25 2019-10-17
3.5
None Remote Medium ??? None Partial None
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
268 CVE-2017-14505 476 DoS 2017-09-17 2020-09-08
4.3
None Remote Medium Not required None None Partial
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.
269 CVE-2017-14504 476 2017-09-17 2019-06-30
4.3
None Remote Medium Not required None None Partial
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.
270 CVE-2017-14503 125 2017-09-17 2018-12-28
4.3
None Remote Medium Not required None None Partial
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
271 CVE-2017-14502 125 2017-09-17 2019-10-03
5.0
None Remote Low Not required None None Partial
read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
272 CVE-2017-14501 125 2017-09-17 2018-12-28
4.3
None Remote Medium Not required None None Partial
An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.
273 CVE-2017-14500 78 Exec Code 2017-09-17 2020-10-21
6.8
None Remote Medium Not required Partial Partial Partial
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.
274 CVE-2017-14498 79 XSS 2017-09-15 2017-11-02
4.3
None Remote Medium Not required None Partial None
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
275 CVE-2017-14497 119 DoS Overflow Mem. Corr. 2017-09-15 2018-01-13
7.2
None Local Low Not required Complete Complete Complete
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.
276 CVE-2017-14489 20 DoS 2017-09-15 2018-03-16
4.9
None Local Low Not required None None Complete
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
277 CVE-2017-14484 269 Exec Code +Priv 2017-09-15 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
278 CVE-2017-14483 362 Exec Code 2017-09-15 2019-10-03
4.9
None Local Low Not required None None Complete
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
279 CVE-2017-14482 Exec Code 2017-09-14 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).
280 CVE-2017-14431 772 DoS 2017-09-13 2019-10-03
4.9
None Local Low Not required None None Complete
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
281 CVE-2017-14430 20 DoS 2017-09-13 2017-09-20
5.0
None Remote Low Not required None None Partial
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.
282 CVE-2017-14429 78 Exec Code 2017-09-13 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
283 CVE-2017-14428 798 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
284 CVE-2017-14427 276 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
285 CVE-2017-14426 798 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0644 /var/etc/shadow (aka the /etc/shadow symlink target) permissions.
286 CVE-2017-14425 276 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/etc/hnapasswd permissions.
287 CVE-2017-14424 276 2017-09-13 2019-10-03
2.1
None Local Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
288 CVE-2017-14423 307 2017-09-13 2019-10-03
5.0
None Remote Low Not required None Partial None
htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a series of requests.
289 CVE-2017-14422 798 2017-09-13 2017-09-21
5.0
None Remote Low Not required Partial None None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
290 CVE-2017-14421 798 2017-09-13 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.
291 CVE-2017-14420 295 +Info 2017-09-13 2017-09-21
4.3
None Remote Medium Not required Partial None None
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
292 CVE-2017-14419 295 2017-09-13 2017-09-21
4.3
None Remote Medium Not required Partial None None
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.
293 CVE-2017-14418 522 2017-09-13 2019-10-03
4.3
None Remote Medium Not required Partial None None
The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices, sends the cleartext admin password over the Internet as part of interaction with mydlink Cloud Services.
294 CVE-2017-14417 306 2017-09-13 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.
295 CVE-2017-14416 79 XSS 2017-09-13 2017-09-20
4.3
None Remote Medium Not required None Partial None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php.
296 CVE-2017-14415 79 XSS 2017-09-13 2017-09-20
4.3
None Remote Medium Not required None Partial None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php.
297 CVE-2017-14414 79 XSS 2017-09-13 2017-09-20
4.3
None Remote Medium Not required None Partial None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php.
298 CVE-2017-14413 79 XSS 2017-09-13 2017-09-20
4.3
None Remote Medium Not required None Partial None
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.
299 CVE-2017-14412 787 DoS 2017-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.
300 CVE-2017-14411 787 DoS Exec Code Overflow 2017-09-13 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Total number of vulnerabilities : 1228   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.