The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2017-9044 | The print_symbol_for_build_attribute function in readelf.c in GNU Binutils 2017-04-12 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9045 | The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json file. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9046 | winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9047 | A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer \'buf\' of size \'size\'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses \'len\' rather than the updated buffer length strlen(buf). This allows us to write about size many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9048 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer \'buf\' of size \'size\'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9049 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9050 | libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9059 | The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a module reference and kernel daemon leak. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9061 | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9062 | In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9063 | In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9064 | In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9065 | In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9066 | In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9067 | In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9068 | In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9069 | In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9072 | Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm. | MEDIUM | May 18, 2017 | n/a |
CVE-2017-9079 | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is read with root privileges and symlinks are followed. | MEDIUM | May 19, 2017 | n/a |
CVE-2017-9083 | poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file. | MEDIUM | May 19, 2017 | n/a |
CVE-2017-9090 | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | MEDIUM | May 19, 2017 | n/a |
CVE-2017-9091 | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | MEDIUM | May 19, 2017 | n/a |
CVE-2017-9093 | The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | MEDIUM | May 19, 2017 | n/a |
CVE-2017-9094 | The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | MEDIUM | May 19, 2017 | n/a |
CVE-2017-9098 | ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9110 | In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9111 | In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9112 | In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9113 | In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9114 | In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9115 | In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9116 | In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9131 | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. By connecting to the Mosquitto broker on an access point and one of its clients, an attacker can gather enough information to craft a command that reboots the client remotely when sent to the client's Mosquitto broker, aka unauthenticated remote command execution. This command can be re-sent endlessly to act as a DoS attack on the client. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9132 | A hard-coded credentials issue was discovered on Mimosa Client Radios before 2.2.3, Mimosa Backhaul Radios before 2.2.3, and Mimosa Access Points before 2.2.3. These devices run Mosquitto, a lightweight message broker, to send information between devices. By using the vendor's hard-coded credentials to connect to the broker on any device (whether it be an AP, Client, or Backhaul model), an attacker can view all the messages being sent between the devices. If an attacker connects to an AP, the AP will leak information about any clients connected to it, including the serial numbers, which can be used to remotely factory reset the clients via a page in their web interface. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9134 | An information-leakage issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. There is a page in the web interface that will show you the device's serial number, regardless of whether or not you have logged in. This information-leakage issue is relevant because there is another page (accessible without any authentication) that allows you to remotely factory reset the device simply by entering the serial number. | MEDIUM | May 21, 2017 | n/a |
CVE-2017-9140 | Cross-site scripting (XSS) vulnerability in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9141 | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9142 | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9143 | In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9144 | In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9146 | The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9147 | LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9149 | Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform Clean metadata actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which cleaning had been attempted. | MEDIUM | May 22, 2017 | n/a |
CVE-2017-9154 | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:16:11. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9155 | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the input_pnm_reader function in input-pnm.c:243:3. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9156 | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9157 | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9158 | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9159 | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15. | MEDIUM | May 23, 2017 | n/a |
CVE-2017-9174 | libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid read and SEGV), related to the GET_COLOR function in color.c:21:23. | MEDIUM | May 23, 2017 | n/a |