Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-15314 1 Huawei 12 Dp300, Dp300 Firmware, Rp200 and 9 more 2019-10-03 2.1 LOW 5.5 MEDIUM
Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions.
CVE-2017-15300 1 Ewbf 1 Cuda Zcash Miner 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port.
CVE-2017-15225 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file.
CVE-2017-15223 1 Argosoft 1 Mini Mail Server 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
CVE-2017-15209 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.
CVE-2017-15208 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.
CVE-2017-15207 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.
CVE-2017-15206 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.
CVE-2017-15204 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions to a private project of another user.
CVE-2017-15203 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories from a private project of another user.
CVE-2017-15202 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.
CVE-2017-15201 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a private project of another user.
CVE-2017-15200 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user.
CVE-2017-15199 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a private project of another user, as demonstrated by Name, Email, Identifier, and Description.
CVE-2017-15197 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to a private project of another user.
CVE-2017-15196 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user.
CVE-2017-15195 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
CVE-2017-15211 1 Kanboard 1 Kanboard 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user.
CVE-2017-15130 3 Canonical, Debian, Dovecot 3 Ubuntu Linux, Debian Linux, Dovecot 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
CVE-2017-15127 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
CVE-2017-15014 1 Opentext 1 Documentum Content Server 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the repository, he performs the following steps: (1) calls the START_PUSH RPC-command; (2) uploads the file to the content server; (3) calls the END_PUSH_V2 RPC-command (here, Content Server returns a DATA_TICKET integer, intended to identify the location of the uploaded file on the Content Server filesystem); (4) creates a dmr_content object in the repository, which has a value of data_ticket equal to the value of DATA_TICKET returned at the end of END_PUSH_V2 call. As the result of this design, any authenticated user may create his own dmr_content object, pointing to already existing content in the Content Server filesystem.
CVE-2017-15053 1 Teampass 1 Teampass 2019-10-03 4.0 MEDIUM 4.9 MEDIUM
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for example by changing the "id" parameter when invoking "delete_role" on roles.queries.php.
CVE-2017-14939 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
CVE-2017-14938 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
CVE-2017-14934 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
CVE-2017-14933 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVE-2017-14932 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVE-2017-14931 1 Openexif Project 1 Openexif 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.
CVE-2017-15024 1 Gnu 1 Binutils 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVE-2017-14930 1 Gnu 1 Binutils 2019-10-03 7.1 HIGH 5.5 MEDIUM
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.
CVE-2017-1493 1 Ibm 1 Urbancode Deploy 2019-10-03 5.5 MEDIUM 5.4 MEDIUM
IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691.
CVE-2017-14905 1 Google 1 Android 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
CVE-2017-14903 1 Google 1 Android 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7.
CVE-2017-14863 1 Exiv2 1 Exiv2 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVE-2017-14861 1 Exiv2 1 Exiv2 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
CVE-2017-14860 1 Exiv2 1 Exiv2 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMetadata function of jp2image.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack.
CVE-2017-14970 1 Openvswitch 1 Openvswitch 2019-10-03 4.3 MEDIUM 5.9 MEDIUM
In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."
CVE-2017-0064 1 Microsoft 1 Internet Explorer 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability."
CVE-2017-0066 1 Microsoft 1 Edge 2019-10-03 4.0 MEDIUM 4.2 MEDIUM
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.
CVE-2017-14684 1 Imagemagick 1 Imagemagick 2019-10-03 7.1 HIGH 6.5 MEDIUM
In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.
CVE-2017-14649 1 Graphicsmagick 1 Graphicsmagick 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash).
CVE-2017-14645 1 Bento4 1 Bento4 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service.
CVE-2017-0140 1 Microsoft 1 Edge 2019-10-03 4.0 MEDIUM 4.2 MEDIUM
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.
CVE-2017-14431 1 Xen 1 Xen 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
CVE-2017-0173 1 Microsoft 2 Windows 10, Windows Server 2016 2019-10-03 4.6 MEDIUM 5.3 MEDIUM
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
CVE-2017-0174 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2019-10-03 6.1 MEDIUM 6.5 MEDIUM
Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".
CVE-2017-0207 1 Microsoft 1 Outlook 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."
CVE-2017-1441 1 Ibm 1 Emptoris Services Procurement 2019-10-03 2.1 LOW 5.5 MEDIUM
IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to view sensitive information stored locally due to improper access control. IBM X-Force ID: 128106.
CVE-2017-0210 1 Microsoft 1 Internet Explorer 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2017-0211 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability."