CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2017-12952 476 DoS 2017-08-28 2017-09-06
4.3
None Remote Medium Not required None None Partial
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
152 CVE-2017-12951 125 DoS 2017-08-28 2019-10-03
4.3
None Remote Medium Not required None None Partial
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
153 CVE-2017-12950 476 DoS 2017-08-28 2020-03-09
4.3
None Remote Medium Not required None None Partial
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
154 CVE-2017-12949 89 Sql CSRF 2017-08-18 2017-08-24
6.5
None Remote Low ??? Partial Partial Partial
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
155 CVE-2017-12948 79 XSS 2017-08-18 2017-08-22
4.3
None Remote Medium Not required None Partial None
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
156 CVE-2017-12947 89 Sql 2017-08-18 2017-08-22
6.5
None Remote Low ??? Partial Partial Partial
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
157 CVE-2017-12946 89 Sql 2017-08-18 2017-08-22
6.5
None Remote Low ??? Partial Partial Partial
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators.
158 CVE-2017-12944 770 DoS 2017-08-18 2019-10-03
5.0
None Remote Low Not required None None Partial
The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in the TIFFFetchStripThing function in tif_dirread.c during a tiff2pdf invocation.
159 CVE-2017-12943 22 Dir. Trav. 2017-08-18 2017-09-14
5.0
None Remote Low Not required Partial None None
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
160 CVE-2017-12942 119 Overflow 2017-08-18 2018-06-16
7.5
None Remote Low Not required Partial Partial Partial
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
161 CVE-2017-12941 125 2017-08-18 2018-06-16
7.5
None Remote Low Not required Partial Partial Partial
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
162 CVE-2017-12940 125 2017-08-18 2018-06-16
7.5
None Remote Low Not required Partial Partial Partial
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
163 CVE-2017-12939 20 Exec Code 2017-08-18 2017-09-13
7.5
None Remote Low Not required Partial Partial Partial
A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.
164 CVE-2017-12938 22 Dir. Trav. Bypass 2017-08-18 2017-08-29
5.0
None Remote Low Not required Partial None None
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
165 CVE-2017-12937 125 2017-08-18 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read.
166 CVE-2017-12936 416 2017-08-18 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting.
167 CVE-2017-12935 125 2017-08-18 2019-06-30
6.8
None Remote Medium Not required Partial Partial Partial
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.
168 CVE-2017-12934 416 2017-08-18 2018-05-04
5.0
None Remote Low Not required None Partial None
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
169 CVE-2017-12933 125 2017-08-18 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
170 CVE-2017-12932 416 2017-08-18 2018-05-04
7.5
None Remote Low Not required Partial Partial Partial
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
171 CVE-2017-12927 79 XSS 2017-08-18 2017-08-27
4.3
None Remote Medium Not required None Partial None
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
172 CVE-2017-12925 415 DoS 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None None Partial
Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.
173 CVE-2017-12924 369 DoS 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None None Partial
CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image.
174 CVE-2017-12923 476 DoS 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None None Partial
OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.
175 CVE-2017-12922 476 DoS 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None None Partial
wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.
176 CVE-2017-12921 476 DoS 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None None Partial
PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.
177 CVE-2017-12920 476 DoS 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None None Partial
CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.
178 CVE-2017-12919 119 DoS Overflow 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.
179 CVE-2017-12910 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
180 CVE-2017-12909 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
181 CVE-2017-12908 89 Exec Code Sql 2017-08-17 2017-08-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
182 CVE-2017-12907 79 XSS 2017-08-17 2017-08-20
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
183 CVE-2017-12904 943 Exec Code 2017-08-23 2020-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL.
184 CVE-2017-12892 426 2017-08-16 2020-08-19
6.8
None Remote Medium Not required Partial Partial Partial
Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
185 CVE-2017-12882 79 XSS 2017-08-18 2017-08-24
3.5
None Remote Medium ??? None Partial None
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
186 CVE-2017-12881 352 CSRF 2017-08-18 2017-08-24
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability.
187 CVE-2017-12880 2017-08-16 2017-08-16
0.0
None ??? ??? ??? ??? ??? ???
In PyJWT 1.5.0 and below the 'invalid_strings' check in 'HMACAlgorithm.prepare_key' does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string '-----BEGIN RSA PUBLIC KEY-----' which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
188 CVE-2017-12879 79 XSS 2017-08-24 2017-09-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.
189 CVE-2017-12877 416 DoS 2017-08-28 2021-04-28
4.3
None Remote Medium Not required None None Partial
Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
190 CVE-2017-12876 787 DoS Overflow 2017-08-28 2021-04-28
4.3
None Remote Medium Not required None None Partial
Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.
191 CVE-2017-12875 770 DoS 2017-08-29 2020-09-08
7.1
None Remote Medium Not required None None Complete
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
192 CVE-2017-12867 613 2017-08-29 2019-10-03
4.3
None Remote Medium Not required None Partial None
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
193 CVE-2017-12865 119 DoS Exec Code Overflow 2017-08-29 2020-03-05
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
194 CVE-2017-12864 190 DoS Exec Code Overflow 2017-08-15 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
195 CVE-2017-12863 190 DoS Exec Code Overflow 2017-08-15 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
196 CVE-2017-12862 787 DoS Exec Code Overflow 2017-08-15 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
197 CVE-2017-12859 20 DoS 2017-08-18 2017-08-26
4.3
None Remote Medium Not required None None Partial
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
198 CVE-2017-12858 415 2017-08-23 2017-08-26
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
199 CVE-2017-12857 200 +Info 2017-08-25 2017-09-13
4.0
None Remote Low ??? Partial None None
Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote attacker to read a segment of the phone's memory which could contain an administrator's password or other sensitive information.
200 CVE-2017-12856 79 XSS 2017-08-29 2017-09-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.
Total number of vulnerabilities : 1542   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.