CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2017

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
251 CVE-2017-12674 834 DoS 2017-08-07 2020-09-08
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
252 CVE-2017-12673 772 DoS 2017-08-07 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.
253 CVE-2017-12672 772 DoS 2017-08-07 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
254 CVE-2017-12671 416 DoS 2017-08-07 2017-11-07
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.
255 CVE-2017-12670 20 DoS 2017-08-07 2020-09-08
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
256 CVE-2017-12669 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
257 CVE-2017-12668 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
258 CVE-2017-12667 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
259 CVE-2017-12666 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
260 CVE-2017-12665 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.
261 CVE-2017-12664 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
262 CVE-2017-12663 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
263 CVE-2017-12662 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.
264 CVE-2017-12655 79 XSS 2017-08-07 2017-08-15
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
265 CVE-2017-12654 772 DoS 2017-08-07 2019-10-03
4.3
None Remote Medium Not required None None Partial
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.
266 CVE-2017-12653 427 2017-08-07 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
267 CVE-2017-12651 352 CSRF 2017-08-07 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.
268 CVE-2017-12650 89 Sql 2017-08-07 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
269 CVE-2017-12649 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
270 CVE-2017-12648 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
271 CVE-2017-12647 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
272 CVE-2017-12646 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
273 CVE-2017-12645 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
274 CVE-2017-12644 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
275 CVE-2017-12643 770 2017-08-07 2020-10-14
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
276 CVE-2017-12642 772 2017-08-07 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c.
277 CVE-2017-12641 772 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c.
278 CVE-2017-12640 125 2017-08-07 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c.
279 CVE-2017-12637 22 Dir. Trav. 2017-08-07 2021-04-20
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
280 CVE-2017-12606 787 2017-08-07 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.
281 CVE-2017-12605 787 2017-08-07 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.
282 CVE-2017-12604 787 2017-08-07 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.
283 CVE-2017-12603 787 Overflow 2017-08-07 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
284 CVE-2017-12602 DoS 2017-08-07 2019-10-03
7.8
None Remote Low Not required None None Complete
OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.
285 CVE-2017-12601 120 Overflow 2017-08-07 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.
286 CVE-2017-12600 DoS 2017-08-07 2019-10-03
7.8
None Remote Low Not required None None Complete
OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.
287 CVE-2017-12599 125 2017-08-07 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the function icvCvt_BGRA2BGR_8u_C4C3R when reading an image file by using cv::imread.
288 CVE-2017-12598 125 2017-08-07 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case.
289 CVE-2017-12597 787 2017-08-07 2021-11-29
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.
290 CVE-2017-12596 125 DoS Exec Code 2017-08-07 2020-08-30
6.8
None Remote Medium Not required Partial Partial Partial
In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.
291 CVE-2017-12595 20 DoS 2017-08-27 2018-05-08
6.8
None Remote Medium Not required Partial Partial Partial
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
292 CVE-2017-12593 352 CSRF 2017-08-18 2017-08-24
6.8
None Remote Medium Not required Partial Partial Partial
ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.
293 CVE-2017-12592 2017-08-18 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges.
294 CVE-2017-12591 79 XSS 2017-08-18 2017-08-24
3.5
None Remote Medium ??? None Partial None
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.
295 CVE-2017-12589 352 CSRF 2017-08-18 2017-08-26
6.8
None Remote Medium Not required Partial Partial Partial
ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack.
296 CVE-2017-12588 134 2017-08-06 2017-08-14
7.5
None Remote Low Not required Partial Partial Partial
The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.
297 CVE-2017-12587 834 2017-08-06 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage function in coders\pwp.c.
298 CVE-2017-12586 22 Dir. Trav. 2017-08-06 2017-08-14
4.0
None Remote Low ??? Partial None None
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.
299 CVE-2017-12585 89 Sql 2017-08-06 2017-08-14
6.5
None Remote Low ??? Partial Partial Partial
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users.
300 CVE-2017-12584 352 CSRF 2017-08-06 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation.
Total number of vulnerabilities: 1542. Page 6 of 31.