Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-14931 |
ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14930 |
Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 7.1 HIGH |
CVE-2017-14929 |
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14928 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14927 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14926 |
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14925 |
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. For example, an attacker could assign administrator privileges to every unauthenticated user of the site. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.0: 8.0 HIGH V2.0: 6.0 MEDIUM |
CVE-2017-14924 |
Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. Published: September 29, 2017; 9:29:02 PM -0400 |
V3.0: 8.0 HIGH V2.0: 6.0 MEDIUM |
CVE-2017-14923 |
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-14922 |
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-14921 |
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-14920 |
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14738 |
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-14702 |
ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-14620 |
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14582 |
The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14352 |
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow cross-site scripting. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-14351 |
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow code execution. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-14350 |
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-14349 |
An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data. Published: September 29, 2017; 9:29:01 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |