Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15314 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions. | |||||
| CVE-2017-15315 | 1 Huawei | 8 Nip6300, Nip6300 Firmware, Nip6600 and 5 more | 2019-10-03 | 6.8 MEDIUM | 6.5 MEDIUM |
| Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally. | |||||
| CVE-2017-15300 | 1 Ewbf | 1 Cuda Zcash Miner | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port. | |||||
| CVE-2017-15272 | 1 Psftp | 1 Psftpd | 2019-10-03 | 2.1 LOW | 5.3 MEDIUM |
| The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a user password. | |||||
| CVE-2017-15225 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | |||||
| CVE-2017-15223 | 1 Argosoft | 1 Mini Mail Server | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop. | |||||
| CVE-2017-15218 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. | |||||
| CVE-2017-15217 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. | |||||
| CVE-2017-15209 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user. | |||||
| CVE-2017-15208 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user. | |||||
| CVE-2017-15207 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user. | |||||
| CVE-2017-15206 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user. | |||||
| CVE-2017-15204 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user. | |||||
| CVE-2017-15203 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user. | |||||
| CVE-2017-15202 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user. | |||||
| CVE-2017-15201 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user. | |||||
| CVE-2017-15200 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user. | |||||
| CVE-2017-15199 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description. | |||||
| CVE-2017-15197 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user. | |||||
| CVE-2017-15196 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | |||||
| CVE-2017-15195 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | |||||
| CVE-2017-15211 | 1 Kanboard | 1 Kanboard | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user. | |||||
| CVE-2017-15130 | 3 Canonical, Debian, Dovecot | 3 Ubuntu Linux, Debian Linux, Dovecot | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart. | |||||
| CVE-2017-15127 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG). | |||||
| CVE-2017-1508 | 2 Ibm, Linux | 2 Informix Dynamic Server, Linux Kernel | 2019-10-03 | 6.8 MEDIUM | 6.7 MEDIUM |
| IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. | |||||
| CVE-2017-14939 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte. | |||||
| CVE-2017-14938 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. | |||||
| CVE-2017-14934 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | |||||
| CVE-2017-14933 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | |||||
| CVE-2017-14932 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | |||||
| CVE-2017-14931 | 1 Openexif Project | 1 Openexif | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. | |||||
| CVE-2017-14903 | 1 Google | 1 Android | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7. | |||||
| CVE-2017-14649 | 1 Graphicsmagick | 1 Graphicsmagick | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | |||||
| CVE-2017-14645 | 1 Bento4 | 1 Bento4 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service. | |||||
| CVE-2017-15269 | 1 Psftp | 1 Psftpd | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server. | |||||
| CVE-2017-14533 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. | |||||
| CVE-2017-14531 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. | |||||
| CVE-2017-14529 | 1 Gnu | 1 Binutils | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function. | |||||
| CVE-2017-14326 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-14325 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. | |||||
| CVE-2017-14324 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. | |||||
| CVE-2017-14222 | 1 Ffmpeg | 1 Ffmpeg | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | |||||
| CVE-2017-14059 | 1 Ffmpeg | 1 Ffmpeg | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF check might cause huge CPU and memory consumption. When a crafted CINE file, which claims a large "duration" field in the header but does not contain sufficient backing data, is provided, the image-offset parsing loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. | |||||
| CVE-2017-14057 | 1 Ffmpeg | 1 Ffmpeg | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided, the loops over the name and markers would consume huge CPU and memory resources, since there is no EOF check inside these loops. | |||||
| CVE-2017-14056 | 1 Ffmpeg | 1 Ffmpeg | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data, is provided, the loops (for offset and size tables) would consume huge CPU and memory resources, since there is no EOF check inside these loops. | |||||
| CVE-2017-13886 | 1 Apple | 1 Mac Os X | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions. | |||||
| CVE-2017-13987 | 1 Hp | 2 Arcsight Enterprise Security Manager, Arcsight Enterprise Security Manager Express | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An insufficient access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows an unauthorized user to download log files. | |||||
| CVE-2017-13806 | 1 Apple | 1 Iphone Os | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed. | |||||
| CVE-2017-13736 | 1 Graphicsmagick | 1 Graphicsmagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | |||||
| CVE-2017-13727 | 1 Libtiff | 1 Libtiff | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | |||||
