CVE List - 2017 / October
Showing 301 - 400 of 1398 CVEs for October 2017 (Page 4 of 14)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-7503 | 2017-10-10 | Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. |
| CVE-2015-7778 | 2017-10-10 | Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. |
| CVE-2015-8239 | 2017-10-10 | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is... |
| CVE-2017-15216 | 2017-10-10 | MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. |
| CVE-2017-12623 | 2017-10-10 | An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities... |
| CVE-2017-13675 | 2017-10-10 | A denial of service (DoS) attack in Symantec Endpoint Encryption before SEE 11.1.3HF2 allows remote attackers to make a particular machine or network resource unavailable to its intended users by... |
| CVE-2017-13679 | 2017-10-10 | A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users... |
| CVE-2017-11051 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params... |
| CVE-2017-15217 | 2017-10-10 | ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. |
| CVE-2017-15218 | 2017-10-10 | ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. |
| CVE-2016-10513 | 2017-10-10 | Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. |
| CVE-2016-10514 | 2017-10-10 | url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a substring... |
| CVE-2017-11046 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel... |
| CVE-2017-11048 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition... |
| CVE-2017-11050 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when the pktlogconf tool gives a pktlog buffer of size... |
| CVE-2017-11052 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a... |
| CVE-2017-11053 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16... |
| CVE-2017-11054 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer... |
| CVE-2017-11055 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION cfg80211 vendor command, a... |
| CVE-2017-11056 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while doing sha and cipher operations, a userspace buffer is... |
| CVE-2017-11057 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flash_data from 64-bit userspace may cause disclosure... |
| CVE-2017-11059 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations... |
| CVE-2017-11060 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and... |
| CVE-2017-11061 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read... |
| CVE-2017-11062 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently attributes are not validated in __wlan_hdd_cfg80211_do_acs which can potentially... |
| CVE-2017-11063 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace... |
| CVE-2017-11064 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and... |
| CVE-2017-11067 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address... |
| CVE-2017-9683 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur,... |
| CVE-2017-9686 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the... |
| CVE-2017-9687 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to... |
| CVE-2017-9697 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory... |
| CVE-2017-9706 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display... |
| CVE-2017-9714 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch... |
| CVE-2017-9715 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur. |
| CVE-2017-9717 | 2017-10-10 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing Netlink attributes, a buffer overread can occur. |
| CVE-2017-1503 | 2017-10-10 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server... |
| CVE-2017-15189 | 2017-10-10 | In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements. |
| CVE-2017-15190 | 2017-10-10 | In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. |
| CVE-2017-15191 | 2017-10-10 | In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. |
| CVE-2017-15192 | 2017-10-10 | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT... |
| CVE-2017-15193 | 2017-10-10 | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. |
| CVE-2017-1538 | 2017-10-10 | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735. |
| CVE-2017-15219 | 2017-10-10 | The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. |
| CVE-2017-8994 | 2017-10-10 | A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely. |
| CVE-2017-15225 | 2017-10-10 | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via... |
| CVE-2017-15226 | 2017-10-10 | Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. |
| CVE-2017-5700 | 2017-10-11 | Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access... |
| CVE-2017-5701 | 2017-10-11 | Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware... |
| CVE-2017-5721 | 2017-10-11 | Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. |
| CVE-2017-5722 | 2017-10-11 | Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections... |
| CVE-2017-15232 | 2017-10-11 | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. |
| CVE-2017-15235 | 2017-10-11 | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact... |
| CVE-2017-15238 | 2017-10-11 | ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. |
| CVE-2017-15236 | 2017-10-11 | Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by... |
| CVE-2017-7352 | 2017-10-11 | Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity 4.7.5 allows remote authenticated users to inject arbitrary web script or HTML via the "host" parameter on the 'System > Configuration... |
| CVE-2013-6924 | 2017-10-11 | Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. |
| CVE-2017-15220 | 2017-10-11 | Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to... |
| CVE-2017-12188 | 2017-10-11 | arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS... |
| CVE-2017-13720 | 2017-10-11 | In the PatternMatch function in fontfile/fontdir.c in libXfont through 1.5.2 and 2.x before 2.0.2, an attacker with access to an X connection can cause a buffer over-read during pattern matching... |
| CVE-2017-13722 | 2017-10-11 | In the pcfGetProperties function in bitmap/pcfread.c in libXfont through 1.5.2 and 2.x before 2.0.2, a missing boundary check (for PCF files) could be used by local attackers authenticated to an... |
| CVE-2017-15266 | 2017-10-11 | In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. |
| CVE-2017-15267 | 2017-10-11 | In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_metadata in flac_extractor.c. |
| CVE-2017-15239 | 2017-10-11 | IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15240 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15241 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15242 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User... |
| CVE-2017-15243 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15244 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15245 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15246 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read... |
| CVE-2017-15247 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15248 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from... |
| CVE-2017-15249 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from... |
| CVE-2017-15250 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15251 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from... |
| CVE-2017-15252 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read... |
| CVE-2017-15253 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "User... |
| CVE-2017-15254 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15255 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15256 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15257 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from... |
| CVE-2017-15258 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15259 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15260 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15261 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15262 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from... |
| CVE-2017-15263 | 2017-10-11 | IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to... |
| CVE-2017-15264 | 2017-10-11 | IrfanView version 4.44 (32bit) allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file, related to "Data from Faulting Address is... |
| CVE-2017-0903 | 2017-10-11 | RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can... |
| CVE-2017-14587 | 2017-10-11 | The administration user deletion resource in Atlassian Fisheye and Crucible before version 4.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in... |
| CVE-2017-14588 | 2017-10-11 | Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog parameter. |
| CVE-2017-2887 | 2017-10-11 | An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code... |
| CVE-2017-2888 | 2017-10-11 | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being... |
| CVE-2017-14003 | 2017-10-11 | An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited,... |
| CVE-2017-14369 | 2017-10-11 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and... |
| CVE-2017-14370 | 2017-10-11 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML... |
| CVE-2017-14371 | 2017-10-11 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser... |
| CVE-2017-14372 | 2017-10-11 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary HTML in... |
| CVE-2017-8016 | 2017-10-11 | RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in... |