CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2017-8264 400 DoS 2017-08-11 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel.
902 CVE-2017-8263 2017-08-18 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace.
903 CVE-2017-8262 362 2017-08-18 2017-08-23
7.6
None Remote High Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.
904 CVE-2017-8261 2017-08-18 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.
905 CVE-2017-8260 20 2017-08-18 2018-03-07
6.8
None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.
906 CVE-2017-8259 120 Overflow 2017-08-11 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer.
907 CVE-2017-8258 200 +Info 2017-08-11 2017-08-16
4.3
None Remote Medium Not required Partial None None
An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver.
908 CVE-2017-8257 362 2017-08-18 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.
909 CVE-2017-8256 125 2017-08-18 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.
910 CVE-2017-8255 190 Overflow 2017-08-18 2017-08-23
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.
911 CVE-2017-8254 200 +Info 2017-08-18 2017-08-23
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.
912 CVE-2017-8253 770 2017-08-18 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.
913 CVE-2017-8248 119 Overflow 2017-08-16 2018-12-07
10.0
None Remote Low Not required Complete Complete Complete
A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.
914 CVE-2017-8243 119 Overflow 2017-08-16 2017-08-20
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file.
915 CVE-2017-8037 200 +Info 2017-08-21 2019-03-22
5.0
None Remote Low Not required Partial None None
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation, aka an Information Leak / Disclosure.
916 CVE-2017-7936 119 Overflow 2017-08-07 2019-10-09
4.4
None Local Medium Not required Partial Partial Partial
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory.
917 CVE-2017-7934 287 2017-08-25 2019-10-09
4.3
None Remote Medium Not required None None Partial
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner.
918 CVE-2017-7932 295 Bypass 2017-08-07 2019-10-09
4.4
None Local Medium Not required Partial Partial Partial
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
919 CVE-2017-7930 287 2017-08-25 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective.
920 CVE-2017-7928 2017-08-07 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.
921 CVE-2017-7926 352 CSRF 2017-08-25 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized cross-site request is sent from a browser the server has previously authenticated.
922 CVE-2017-7920 287 2017-08-07 2019-10-09
5.0
None Remote Low Not required Partial None None
An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating.
923 CVE-2017-7916 269 +Priv 2017-08-07 2019-10-09
4.0
None Remote Low ??? Partial None None
A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. The web application does not properly restrict privileges of the Guest account. A malicious user may be able to gain access to configuration information that should be restricted.
924 CVE-2017-7890 200 +Info 2017-08-02 2018-05-04
4.3
None Remote Medium Not required Partial None None
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.
925 CVE-2017-7855 79 XSS 2017-08-31 2017-09-05
4.3
None Remote Medium Not required None Partial None
In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter.
926 CVE-2017-7737 200 +Info 2017-08-10 2019-10-03
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
927 CVE-2017-7693 22 Dir. Trav. 2017-08-26 2017-09-02
6.8
None Remote Low ??? Complete None None
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.
928 CVE-2017-7675 22 Dir. Trav. Bypass 2017-08-11 2019-06-12
5.0
None Remote Low Not required Partial None None
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
929 CVE-2017-7674 345 2017-08-11 2019-04-15
4.3
None Remote Medium Not required None Partial None
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
930 CVE-2017-7642 426 +Priv 2017-08-02 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
931 CVE-2017-7557 352 CSRF 2017-08-22 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
932 CVE-2017-7556 352 CSRF 2017-08-17 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.
933 CVE-2017-7555 119 Exec Code Overflow 2017-08-17 2017-12-09
7.5
None Remote Low Not required Partial Partial Partial
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
934 CVE-2017-7551 640 2017-08-16 2018-01-05
5.0
None Remote Low Not required Partial None None
389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.
935 CVE-2017-7548 DoS 2017-08-16 2019-10-03
4.0
None Remote Low ??? None Partial None
PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service.
936 CVE-2017-7547 2017-08-16 2019-10-03
4.0
None Remote Low ??? Partial None None
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
937 CVE-2017-7546 287 2017-08-16 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.
938 CVE-2017-7533 362 DoS +Priv Mem. Corr. 2017-08-05 2018-01-05
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
939 CVE-2017-7442 22 Exec Code Dir. Trav. 2017-08-03 2020-08-04
6.8
None Remote Medium Not required Partial Partial Partial
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
940 CVE-2017-7424 22 Dir. Trav. 2017-08-21 2019-10-09
4.0
None Remote Low ??? Partial None None
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.
941 CVE-2017-7423 352 CSRF 2017-08-21 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.
942 CVE-2017-7422 79 XSS Bypass 2017-08-21 2019-10-09
3.5
None Remote Medium ??? None Partial None
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.
943 CVE-2017-7421 79 XSS Bypass 2017-08-21 2019-10-09
4.3
None Remote Medium Not required None Partial None
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.
944 CVE-2017-7420 287 Bypass 2017-08-21 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).
945 CVE-2017-7364 416 2017-08-18 2017-08-22
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.
946 CVE-2017-7278 2017-08-18 2017-08-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors.
947 CVE-2017-6873 2017-08-08 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp.
948 CVE-2017-6872 668 2017-08-08 2019-10-09
6.4
None Remote Low Not required Partial Partial None
A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device.
949 CVE-2017-6871 287 Bypass 2017-08-08 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.
950 CVE-2017-6870 2017-08-08 2019-10-09
5.8
None Remote Medium Not required Partial Partial None
A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack.
Total number of vulnerabilities : 1542   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.