Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7379 1 Podofo Project 1 Podofo 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document.
CVE-2017-7489 1 Moodle 1 Moodle 2019-10-03 6.5 MEDIUM 6.3 MEDIUM
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
CVE-2017-7490 1 Moodle 1 Moodle 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
CVE-2017-7627 1 Smart Related Articles Project 1 Smart Related Articles 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check).
CVE-2017-7716 1 Radare 1 Radare2 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
CVE-2017-7737 1 Fortinet 1 Fortiweb 2019-10-03 4.0 MEDIUM 4.9 MEDIUM
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
CVE-2017-7761 2 Microsoft, Mozilla 3 Windows, Firefox, Firefox Esr 2019-10-03 3.6 LOW 5.5 MEDIUM
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
CVE-2017-7789 1 Mozilla 1 Firefox 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
CVE-2017-7767 2 Microsoft, Mozilla 3 Windows, Firefox, Firefox Esr 2019-10-03 2.1 LOW 5.5 MEDIUM
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
CVE-2017-7781 1 Mozilla 1 Firefox 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.
CVE-2017-7782 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVE-2017-7816 1 Mozilla 1 Firefox 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.
CVE-2017-7820 1 Mozilla 1 Firefox 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56.
CVE-2017-7822 1 Mozilla 1 Firefox 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56.
CVE-2017-7830 3 Debian, Mozilla, Redhat 9 Debian Linux, Firefox, Firefox Esr and 6 more 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
CVE-2017-7849 1 Tenable 1 Nessus 2019-10-03 2.1 LOW 5.5 MEDIUM
Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local denial of service condition due to insecure permissions when running in Agent Mode.
CVE-2017-7854 1 Radare 1 Radare2 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.
CVE-2017-7970 1 Schneider-electric 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert 2019-10-03 3.3 LOW 6.5 MEDIUM
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to specify Arbitrary Server Target Nodes in connection requests to the Secure Gateway and Server components.
CVE-2017-7972 1 Schneider-electric 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert 2019-10-03 5.2 MEDIUM 5.5 MEDIUM
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the ability to escape out of remote PowerSCADA Anywhere applications and launch other processes.
CVE-2017-8034 1 Cloudfoundry 3 Capi-release, Cf-release, Routing-release 2019-10-03 6.0 MEDIUM 6.6 MEDIUM
The Cloud Controller and Router in Cloud Foundry (CAPI-release capi versions prior to v1.32.0, Routing-release versions prior to v0.159.0, CF-release versions prior to v267) do not validate the issuer on JSON Web Tokens (JWTs) from UAA. With certain multi-zone UAA configurations, zone administrators are able to escalate their privileges.
CVE-2017-8039 1 Pivotal 1 Spring Web Flow 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings. NOTE: this issue exists because of an incomplete fix for CVE-2017-4971.
CVE-2017-8053 1 Podofo Project 1 Podofo 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).
CVE-2017-8054 1 Podofo Project 1 Podofo 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.
CVE-2017-8083 1 Compulab 4 Intense Pc, Intense Pc Firmware, Mintbox 2 and 1 more 2019-10-03 7.2 HIGH 6.7 MEDIUM
CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.
CVE-2017-8196 1 Huawei 1 Fusionsphere 2019-10-03 4.6 MEDIUM 4.2 MEDIUM
FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service unavailable.
CVE-2017-8201 1 Huawei 6 Max Presence, Max Presence Firmware, Tp3106 and 3 more 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition.
CVE-2017-8206 1 Huawei 2 Honor 7 Lite, Honor 7 Lite Firmware 2019-10-03 7.2 HIGH 6.8 MEDIUM
HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily.
CVE-2017-8314 2 Debian, Kodi 2 Debian Linux, Kodi 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
CVE-2017-8327 1 Entropymine 1 Imageworsener 2019-10-03 7.1 HIGH 6.5 MEDIUM
The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image.
CVE-2017-8363 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
CVE-2017-8365 2 Debian, Libsndfile Project 2 Debian Linux, Libsndfile 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
CVE-2017-8343 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8344 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8345 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8346 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8347 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8352 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8353 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8354 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8355 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
CVE-2017-8371 1 Schneider-electric 1 Struxureware Data Center Expert 2019-10-03 4.0 MEDIUM 6.8 MEDIUM
Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2017-8372 1 Underbit 1 Mad Libmad 2019-10-03 2.6 LOW 4.7 MEDIUM
The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.
CVE-2017-8388 1 Genixcms 1 Genixcms 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.
CVE-2017-8391 3 Ca, Linux, Microsoft 3 Client Automation, Linux Kernel, Windows 2019-10-03 2.1 LOW 5.5 MEDIUM
The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation.
CVE-2017-8493 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2019-10-03 2.1 LOW 5.5 MEDIUM
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability".
CVE-2017-8637 1 Microsoft 2 Edge, Windows 10 2019-10-03 2.6 LOW 5.3 MEDIUM
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".
CVE-2017-8508 1 Microsoft 1 Outlook 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability".
CVE-2017-8650 1 Microsoft 2 Edge, Windows 10 2019-10-03 5.8 MEDIUM 5.4 MEDIUM
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".
CVE-2017-8515 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability".
CVE-2017-8523 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.