CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2017-11571 119 Exec Code Overflow 2017-07-23 2020-01-13
6.8
None Remote Medium Not required Partial Partial Partial
FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.
202 CVE-2017-11570 125 Exec Code 2017-07-23 2020-01-13
6.8
None Remote Medium Not required Partial Partial Partial
FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file.
203 CVE-2017-11569 125 Exec Code 2017-07-23 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file.
204 CVE-2017-11568 125 Exec Code 2017-07-23 2020-01-13
6.8
None Remote Medium Not required Partial Partial Partial
FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file.
205 CVE-2017-11566 78 2017-07-25 2021-05-11
7.2
None Local Low Not required Complete Complete Complete
AppUse 4.0 allows shell command injection via a proxy field.
206 CVE-2017-11565 Bypass 2017-07-23 2019-10-03
5.0
None Remote Low Not required None Partial None
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).
207 CVE-2017-11556 674 DoS 2017-07-23 2019-10-03
5.0
None Remote Low Not required None None Partial
There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.
208 CVE-2017-11555 20 DoS 2017-07-23 2017-07-28
5.0
None Remote Low Not required None None Partial
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
209 CVE-2017-11554 674 DoS 2017-07-23 2019-10-03
5.0
None Remote Low Not required None None Partial
There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.
210 CVE-2017-11553 20 DoS 2017-07-23 2017-07-28
5.0
None Remote Low Not required None None Partial
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.
211 CVE-2017-11551 119 DoS Overflow 2017-07-31 2017-08-02
4.3
None Remote Medium Not required None None Partial
The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.
212 CVE-2017-11550 476 DoS 2017-07-31 2017-08-02
4.3
None Remote Medium Not required None None Partial
The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.
213 CVE-2017-11549 834 DoS 2017-07-31 2019-10-03
7.1
None Remote Medium Not required None None Complete
The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.
214 CVE-2017-11548 119 DoS Overflow Mem. Corr. 2017-07-31 2020-05-28
4.3
None Remote Medium Not required None None Partial
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
215 CVE-2017-11547 125 DoS 2017-07-31 2017-08-03
4.3
None Remote Medium Not required None None Partial
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.
216 CVE-2017-11546 369 DoS 2017-07-31 2017-08-03
4.3
None Remote Medium Not required None None Partial
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.
217 CVE-2017-11545 20 2017-07-22 2017-07-27
5.0
None Remote Low Not required None None Partial
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34.
218 CVE-2017-11544 20 2017-07-22 2017-07-27
5.0
None Remote Low Not required None None Partial
tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3.
219 CVE-2017-11543 119 Overflow 2017-07-23 2018-05-17
7.5
None Remote Low Not required Partial Partial Partial
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.
220 CVE-2017-11542 125 2017-07-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.
221 CVE-2017-11541 125 2017-07-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.
222 CVE-2017-11540 125 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.
223 CVE-2017-11539 772 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.
224 CVE-2017-11538 772 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c.
225 CVE-2017-11537 682 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation.
226 CVE-2017-11536 772 2017-07-23 2019-10-03
4.3
None Remote Medium Not required Partial None None
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.
227 CVE-2017-11535 125 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.
228 CVE-2017-11534 772 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.
229 CVE-2017-11533 125 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.
230 CVE-2017-11532 772 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c.
231 CVE-2017-11531 772 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.
232 CVE-2017-11530 400 DoS 2017-07-23 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
233 CVE-2017-11529 772 DoS 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
234 CVE-2017-11528 772 DoS 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file.
235 CVE-2017-11527 400 DoS 2017-07-23 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
236 CVE-2017-11526 400 DoS 2017-07-23 2017-07-28
7.1
None Remote Medium Not required None None Complete
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
237 CVE-2017-11525 770 DoS 2017-07-23 2019-10-03
7.1
None Remote Medium Not required None None Complete
The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
238 CVE-2017-11524 617 DoS 2017-07-23 2019-10-03
4.3
None Remote Medium Not required None None Partial
The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.
239 CVE-2017-11523 835 DoS 2017-07-22 2019-10-03
7.1
None Remote Medium Not required None None Complete
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.
240 CVE-2017-11522 476 DoS 2017-07-22 2017-07-27
4.3
None Remote Medium Not required None None Partial
The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
241 CVE-2017-11521 400 DoS 2017-07-22 2021-12-29
5.0
None Remote Low Not required None None Partial
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.
242 CVE-2017-11519 335 2017-07-21 2019-10-03
5.0
None Remote Low Not required None Partial None
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
243 CVE-2017-11517 119 Exec Code Overflow 2017-07-21 2017-07-26
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request.
244 CVE-2017-11516 79 XSS 2017-07-21 2017-07-25
4.3
None Remote Medium Not required None Partial None
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.
245 CVE-2017-11505 834 DoS 2017-07-21 2019-10-03
7.1
None Remote Medium Not required None None Complete
The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.
246 CVE-2017-11503 79 XSS 2017-07-20 2019-05-03
4.3
None Remote Medium Not required None Partial None
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
247 CVE-2017-11502 200 +Info 2017-07-20 2017-07-25
5.0
None Remote Low Not required Partial None None
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
248 CVE-2017-11501 295 2017-07-20 2019-05-10
4.3
None Remote Medium Not required None Partial None
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.
249 CVE-2017-11500 22 Dir. Trav. 2017-07-20 2020-03-03
5.0
None Remote Low Not required None Partial None
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
250 CVE-2017-11499 20 2017-07-25 2017-12-07
5.0
None Remote Low Not required None None Partial
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup.
Total number of vulnerabilities : 1280   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.