CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2017-12583 79 XSS 2017-08-06 2017-08-15
4.3
None Remote Medium Not required None Partial None
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
302 CVE-2017-12582 862 2017-08-18 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveillance Station.
303 CVE-2017-12581 78 Exec Code Bypass 2017-08-06 2017-08-14
9.3
None Remote Medium Not required Complete Complete Complete
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call.
304 CVE-2017-12572 79 XSS 2017-08-05 2017-08-15
3.5
None Remote Medium ??? None Partial None
Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104.
305 CVE-2017-12568 DoS 2017-08-06 2019-10-03
7.8
None Remote Low Not required None None Complete
Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets.
306 CVE-2017-12567 89 Sql 2017-08-07 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
307 CVE-2017-12566 772 DoS 2017-08-05 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage in svg.c.
308 CVE-2017-12565 772 DoS 2017-08-05 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
309 CVE-2017-12564 772 DoS 2017-08-05 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
310 CVE-2017-12563 770 DoS 2017-08-05 2020-09-08
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in the function ReadPSDImage in coders/psd.c, which allows attackers to cause a denial of service.
311 CVE-2017-12562 119 DoS Overflow 2017-08-05 2018-12-03
7.5
None Remote Low Not required Partial Partial Partial
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
312 CVE-2017-12482 119 DoS Overflow 2017-08-04 2019-07-21
6.8
None Remote Medium Not required Partial Partial Partial
The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
313 CVE-2017-12481 119 DoS Overflow 2017-08-04 2019-07-21
6.8
None Remote Medium Not required Partial Partial Partial
The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
314 CVE-2017-12480 426 2017-08-06 2017-08-14
6.8
None Remote Medium Not required Partial Partial Partial
Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory.
315 CVE-2017-12479 Exec Code 2017-08-07 2021-12-06
9.0
None Remote Low ??? Complete Complete Complete
It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.
316 CVE-2017-12478 287 Exec Code Bypass 2017-08-07 2021-12-16
10.0
None Remote Low Not required Complete Complete Complete
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
317 CVE-2017-12477 287 Exec Code Bypass 2017-08-07 2021-12-16
10.0
None Remote Low Not required Complete Complete Complete
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
318 CVE-2017-12459 787 Exec Code 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file.
319 CVE-2017-12458 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.
320 CVE-2017-12457 476 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The bfd_make_section_with_flags function in section.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a NULL dereference via a crafted file.
321 CVE-2017-12456 125 2017-08-04 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file.
322 CVE-2017-12455 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The evax_bfd_print_emh function in vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
323 CVE-2017-12454 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an arbitrary memory read via a crafted vms alpha file.
324 CVE-2017-12453 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms alpha file.
325 CVE-2017-12452 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted mach-o file.
326 CVE-2017-12451 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff64-rs6000.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds stack read via a crafted COFF image file.
327 CVE-2017-12450 787 Exec Code 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted vms alpha file.
328 CVE-2017-12449 125 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_vms_save_sized_string function in vms-misc.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted vms file.
329 CVE-2017-12448 416 Exec Code 2017-08-04 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c.
330 CVE-2017-12445 125 DoS 2017-08-17 2017-08-23
4.3
None Remote Medium Not required None None Partial
The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
331 CVE-2017-12444 125 DoS 2017-08-17 2017-08-23
4.3
None Remote Medium Not required None None Partial
The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
332 CVE-2017-12443 125 DoS 2017-08-17 2017-08-23
4.3
None Remote Medium Not required None None Partial
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
333 CVE-2017-12442 125 DoS 2017-08-17 2017-08-23
4.3
None Remote Medium Not required None None Partial
The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
334 CVE-2017-12441 125 DoS 2017-08-17 2017-08-23
4.3
None Remote Medium Not required None None Partial
The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
335 CVE-2017-12440 306 2017-08-18 2019-10-03
6.0
None Remote Medium ??? Partial Partial Partial
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.
336 CVE-2017-12439 352 XSS 2017-08-05 2020-08-19
5.1
None Remote High Not required Partial Partial Partial
SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, cross site scripting, and unvalidated redirection issues.
337 CVE-2017-12435 770 DoS 2017-08-04 2020-09-08
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service.
338 CVE-2017-12434 617 DoS 2017-08-04 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c.
339 CVE-2017-12433 772 DoS 2017-08-04 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.
340 CVE-2017-12432 770 DoS 2017-08-04 2019-10-03
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadPCXImage in coders/pcx.c, which allows attackers to cause a denial of service.
341 CVE-2017-12431 416 DoS 2017-08-04 2018-06-14
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service.
342 CVE-2017-12430 770 DoS 2017-08-04 2020-09-08
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service.
343 CVE-2017-12429 770 DoS 2017-08-04 2020-09-08
7.8
None Remote Low Not required None None Complete
In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service.
344 CVE-2017-12428 772 DoS 2017-08-04 2019-10-03
5.0
None Remote Low Not required None None Partial
In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service in CloneDrawInfo in draw.c.
345 CVE-2017-12427 772 DoS 2017-08-04 2019-10-03
4.3
None Remote Medium Not required None None Partial
The ProcessMSLScript function in coders/msl.c in ImageMagick before 6.9.9-5 and 7.x before 7.0.6-5 allows remote attackers to cause a denial of service (memory leak) via a crafted file, related to the WriteMSLImage function.
346 CVE-2017-12426 20 Exec Code 2017-08-14 2017-08-25
6.8
None Remote Medium Not required Partial Partial Partial
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
347 CVE-2017-12425 190 Overflow 2017-08-04 2017-11-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases.
348 CVE-2017-12424 119 Overflow Mem. Corr. 2017-08-04 2021-03-23
7.5
None Remote Low Not required Partial Partial Partial
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.
349 CVE-2017-12422 269 2017-08-29 2019-10-03
4.0
None Remote Low ??? None None Partial
NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.
350 CVE-2017-12420 119 DoS Exec Code Overflow 2017-08-18 2017-08-26
6.5
None Remote Low ??? Partial Partial Partial
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
Total number of vulnerabilities : 1542   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.