CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2017-11101 476 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.
402 CVE-2017-11100 476 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.
403 CVE-2017-11099 20 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.
404 CVE-2017-11098 20 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.
405 CVE-2017-11097 476 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.
406 CVE-2017-11096 476 2017-07-07 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.
407 CVE-2017-10995 125 DoS 2017-07-07 2019-10-03
4.3
None Remote Medium Not required None None Partial
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
408 CVE-2017-10994 123 Exec Code 2017-07-07 2017-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.
409 CVE-2017-10993 22 Dir. Trav. 2017-07-21 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
410 CVE-2017-10991 79 XSS 2017-07-07 2018-08-13
4.3
None Remote Medium Not required None Partial None
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.
411 CVE-2017-10989 125 2017-07-07 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
412 CVE-2017-10987 125 DoS 2017-07-17 2019-10-03
5.0
None Remote Low Not required None None Partial
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
413 CVE-2017-10986 835 DoS 2017-07-17 2019-10-03
5.0
None Remote Low Not required None None Partial
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
414 CVE-2017-10985 835 DoS 2017-07-17 2019-10-03
7.8
None Remote Low Not required None None Complete
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
415 CVE-2017-10984 787 DoS Exec Code Overflow 2017-07-17 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
416 CVE-2017-10983 119 DoS Overflow 2017-07-17 2018-01-05
5.0
None Remote Low Not required None None Partial
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
417 CVE-2017-10982 125 DoS 2017-07-17 2019-10-03
5.0
None Remote Low Not required None None Partial
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
418 CVE-2017-10981 772 DoS 2017-07-17 2019-10-03
5.0
None Remote Low Not required None None Partial
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
419 CVE-2017-10980 772 DoS 2017-07-17 2019-10-03
5.0
None Remote Low Not required None None Partial
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.
420 CVE-2017-10979 787 DoS Exec Code Overflow 2017-07-17 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
421 CVE-2017-10978 119 DoS Overflow 2017-07-17 2019-07-03
5.0
None Remote Low Not required None None Partial
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
422 CVE-2017-10976 125 2017-07-06 2017-07-17
5.0
None Remote Low Not required None None Partial
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.
423 CVE-2017-10975 79 XSS 2017-07-06 2017-07-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification and in the myfiles component, if the attacker can convince the victim to proceed with an upload despite the appearance of an XSS payload in the filename.
424 CVE-2017-10974 22 Dir. Trav. 2017-07-07 2017-07-14
5.0
None Remote Low Not required Partial None None
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
425 CVE-2017-10973 918 2017-07-06 2017-07-17
4.3
None Remote Medium Not required None Partial None
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
426 CVE-2017-10972 665 2017-07-06 2019-10-03
4.0
None Remote Low ??? Partial None None
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X server.
427 CVE-2017-10971 119 Exec Code Overflow 2017-07-06 2017-11-04
6.5
None Remote Low ??? Partial Partial Partial
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of X Events.
428 CVE-2017-10970 79 XSS 2017-07-06 2017-07-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.
429 CVE-2017-10968 94 Exec Code 2017-07-07 2017-07-17
7.5
None Remote Low Not required Partial Partial Partial
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
430 CVE-2017-10967 79 XSS 2017-07-06 2017-07-13
4.3
None Remote Medium Not required None Partial None
In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters.
431 CVE-2017-10966 416 2017-07-07 2017-11-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result in use-after-free conditions on each access of the hash table.
432 CVE-2017-10965 476 2017-07-07 2017-11-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.
433 CVE-2017-10962 79 XSS 2017-07-18 2017-07-24
4.3
None Remote Medium Not required None Partial None
REDCap before 7.5.1 has XSS via the query string.
434 CVE-2017-10961 352 CSRF 2017-07-18 2021-07-01
6.8
None Remote Medium Not required Partial Partial Partial
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
435 CVE-2017-10929 119 DoS Overflow 2017-07-05 2017-07-19
6.8
None Remote Medium Not required Partial Partial Partial
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.
436 CVE-2017-10928 125 +Info 2017-07-05 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c.
437 CVE-2017-10926 119 DoS Overflow 2017-07-05 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
438 CVE-2017-10925 119 DoS Overflow 2017-07-05 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae."
439 CVE-2017-10924 119 DoS Exec Code Overflow 2017-07-05 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000a529."
440 CVE-2017-10923 20 DoS 2017-07-05 2017-08-22
5.0
None Remote Low Not required None None Partial
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.
441 CVE-2017-10922 400 DoS 2017-07-05 2017-11-04
5.0
None Remote Low Not required None None Partial
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
442 CVE-2017-10921 119 DoS Overflow Mem. Corr. 2017-07-05 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.
443 CVE-2017-10920 119 DoS Overflow Mem. Corr. 2017-07-05 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1.
444 CVE-2017-10919 DoS 2017-07-05 2019-10-03
5.0
None Remote Low Not required None None Partial
Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.
445 CVE-2017-10918 20 2017-07-05 2017-11-04
10.0
None Remote Low Not required Complete Complete Complete
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
446 CVE-2017-10917 476 DoS +Info 2017-07-05 2017-11-04
9.4
None Remote Low Not required Complete None Complete
Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
447 CVE-2017-10916 200 +Info 2017-07-05 2017-11-04
5.0
None Remote Low Not required Partial None None
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
448 CVE-2017-10915 362 2017-07-05 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
449 CVE-2017-10914 362 DoS +Priv +Info 2017-07-05 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
450 CVE-2017-10913 +Priv +Info 2017-07-05 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.
Total number of vulnerabilities : 1280   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.