CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2017-12855 200 +Info 2017-08-15 2017-11-15
2.1
None Local Low Not required Partial None None
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
202 CVE-2017-12853 352 CSRF 2017-08-14 2017-08-25
6.8
None Remote Medium Not required Partial Partial Partial
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
203 CVE-2017-12852 835 2017-08-15 2019-10-03
5.0
None Remote Low Not required None None Partial
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
204 CVE-2017-12851 640 2017-08-14 2017-08-24
4.0
None Remote Low ??? Partial None None
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
205 CVE-2017-12850 640 2017-08-14 2017-08-24
4.0
None Remote Low ??? Partial None None
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
206 CVE-2017-12847 665 Exec Code 2017-08-23 2019-10-03
6.3
None Local Medium Not required None Complete Complete
Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for nagios.lock modification before a root script executes a "kill `cat /pathname/nagios.lock`" command.
207 CVE-2017-12844 79 XSS 2017-08-23 2017-08-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name.
208 CVE-2017-12843 20 2017-08-22 2017-08-26
4.0
None Remote Low ??? None Partial None
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
209 CVE-2017-12840 119 Overflow 2017-08-28 2017-09-08
7.2
None Local Low Not required Complete Complete Complete
A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present due to the kernel driver failing to allocate sufficient memory on the kernel heap to contain a user supplied string as such the string is copied into a buffer of constant size (0x1000-bytes) and thus an overflow condition results. Access to the kernel driver is permitted through an obfuscated interface whereby bytes of user supplied message are "authenticated" via an obfuscation routine employing a linear equation.
210 CVE-2017-12836 Exec Code 2017-08-24 2019-10-03
5.1
None Remote High Not required Partial Partial Partial
CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
211 CVE-2017-12817 311 2017-08-25 2021-06-17
5.0
None Remote Low Not required Partial None None
In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.
212 CVE-2017-12816 732 2017-08-25 2021-06-17
7.5
None Remote Low Not required Partial Partial Partial
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.
213 CVE-2017-12809 476 DoS 2017-08-23 2020-11-10
2.1
None Local Low Not required None None Partial
QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.
214 CVE-2017-12799 119 DoS Overflow 2017-08-10 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
215 CVE-2017-12798 79 XSS 2017-08-10 2017-08-18
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
216 CVE-2017-12797 190 DoS Overflow 2017-08-29 2017-09-06
4.3
None Remote Medium Not required None None Partial
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
217 CVE-2017-12791 22 Dir. Trav. 2017-08-23 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.
218 CVE-2017-12787 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
219 CVE-2017-12786 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
220 CVE-2017-12785 119 Exec Code Overflow +Priv 2017-08-22 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
221 CVE-2017-12784 20 2017-08-21 2017-08-25
5.0
None Remote Low Not required None None Partial
In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID for a NoviWare issue, but the correct ID for that issue is CVE-2017-12787.
222 CVE-2017-12777 79 XSS 2017-08-09 2017-08-30
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
223 CVE-2017-12776 89 Exec Code Sql 2017-08-18 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
224 CVE-2017-12775 20 2017-08-29 2017-09-05
5.0
None Remote Low Not required None Partial None
qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts.
225 CVE-2017-12774 89 Sql 2017-08-09 2017-08-24
7.5
None Remote Low Not required Partial Partial Partial
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
226 CVE-2017-12763 276 +Priv 2017-08-29 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
227 CVE-2017-12762 119 Overflow 2017-08-09 2018-04-06
10.0
None Remote Low Not required Complete Complete Complete
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
228 CVE-2017-12756 77 2017-08-09 2017-08-20
6.5
None Remote Low ??? Partial Partial Partial
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.
229 CVE-2017-12754 119 Exec Code Overflow 2017-08-09 2020-05-27
6.5
None Remote Low ??? Partial Partial Partial
Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.
230 CVE-2017-12735 300 2017-08-30 2020-12-23
5.8
None Remote Medium Not required Partial Partial None
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.
231 CVE-2017-12734 895 2017-08-30 2022-01-04
5.0
None Remote Low Not required Partial None None
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V1.81.2). An attacker with network access to the integrated web server on port 80/tcp could obtain the session ID of an active user session. A user must be logged in to the web interface. Siemens recommends to use the integrated webserver on port 80/tcp only in trusted networks.
232 CVE-2017-12717 427 Exec Code 2017-08-30 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An Uncontrolled Search Path Element issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A maliciously crafted dll file placed earlier in the search path may allow an attacker to execute code within the context of the application.
233 CVE-2017-12713 732 2017-08-30 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
An Incorrect Permission Assignment for Critical Resource issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Multiple files and folders with ACLs that affect other users are allowed to be modified by non-administrator accounts.
234 CVE-2017-12711 2017-08-30 2019-10-09
4.6
None Local Low Not required Partial Partial Partial
An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to elevate to administrative privileges.
235 CVE-2017-12710 89 Sql +Info 2017-08-30 2017-11-10
5.0
None Remote Low Not required Partial None None
A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.
236 CVE-2017-12709 798 2017-08-25 2019-10-09
2.1
None Local Low Not required Partial None None
A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device.
237 CVE-2017-12708 119 Exec Code Overflow 2017-08-30 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash.
238 CVE-2017-12707 119 Overflow 2017-08-25 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.
239 CVE-2017-12706 119 Exec Code Overflow 2017-08-30 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
240 CVE-2017-12704 119 Exec Code Overflow 2017-08-30 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
241 CVE-2017-12703 352 CSRF 2017-08-25 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server.
242 CVE-2017-12702 134 Exec Code 2017-08-30 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, which could allow an attacker to execute arbitrary code.
243 CVE-2017-12698 287 Exec Code Bypass 2017-08-30 2019-10-09
7.5
None Remote Low Not required Partial Partial Partial
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.
244 CVE-2017-12694 22 Dir. Trav. 2017-08-25 2019-10-09
5.0
None Remote Low Not required Partial None None
A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files.
245 CVE-2017-12680 79 XSS 2017-08-18 2017-08-23
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
246 CVE-2017-12679 89 Sql 2017-08-24 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
247 CVE-2017-12678 434 DoS 2017-08-08 2021-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
248 CVE-2017-12677 79 XSS +Info 2017-08-08 2017-08-16
4.3
None Remote Medium Not required None Partial None
IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.
249 CVE-2017-12676 20 DoS 2017-08-07 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
250 CVE-2017-12675 772 DoS 2017-08-07 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
Total number of vulnerabilities : 1542   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.