CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2017-11392 77 Exec Code 2017-08-03 2017-08-05
6.5
None Remote Low ??? Partial Partial Partial
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
402 CVE-2017-11391 77 Exec Code 2017-08-03 2017-08-07
6.5
None Remote Low ??? Partial Partial Partial
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
403 CVE-2017-11390 611 2017-08-02 2017-08-04
5.0
None Remote Low Not required Partial None None
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.
404 CVE-2017-11389 22 Exec Code Dir. Trav. 2017-08-02 2017-08-06
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution by attackers able to drop arbitrary files in a web-facing directory. Formerly ZDI-CAN-4684.
405 CVE-2017-11388 89 Exec Code Sql 2017-08-02 2017-08-06
6.5
None Remote Low ??? Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
406 CVE-2017-11387 200 Bypass +Info 2017-08-02 2017-08-06
5.0
None Remote Low Not required Partial None None
Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-CAN-4512.
407 CVE-2017-11386 89 Exec Code Sql 2017-08-02 2017-08-06
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x4707 due to lack of proper user input validation in cmdHandlerNewReportScheduler.dll. Formerly ZDI-CAN-4549.
408 CVE-2017-11385 89 Exec Code Sql 2017-08-02 2017-08-06
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545.
409 CVE-2017-11384 89 Exec Code Sql 2017-08-02 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.
410 CVE-2017-11383 89 Exec Code Sql 2017-08-02 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.
411 CVE-2017-11382 668 DoS 2017-08-03 2019-10-03
6.4
None Remote Low Not required None Partial Partial
Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350.
412 CVE-2017-11381 78 2017-08-01 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.
413 CVE-2017-11380 798 2017-08-01 2017-08-07
7.5
None Remote Low Not required Partial Partial Partial
Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1.
414 CVE-2017-11379 345 2017-08-01 2017-08-07
5.0
None Remote Low Not required None Partial None
Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.
415 CVE-2017-11368 617 2017-08-09 2020-01-21
4.0
None Remote Low ??? None None Partial
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
416 CVE-2017-11366 78 Exec Code 2017-08-21 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type.
417 CVE-2017-11364 295 2017-08-02 2017-08-04
6.5
None Remote Low ??? Partial Partial Partial
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
418 CVE-2017-11357 20 Exec Code 2017-08-23 2018-01-28
7.5
None Remote Low Not required Partial Partial Partial
Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
419 CVE-2017-11356 200 +Info 2017-08-02 2017-09-08
4.0
None Remote Low ??? Partial None None
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.
420 CVE-2017-11355 79 XSS 2017-08-02 2017-09-08
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
421 CVE-2017-11334 125 DoS 2017-08-02 2020-11-10
2.1
None Local Low Not required None None Partial
The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
422 CVE-2017-11323 119 Exec Code Overflow 2017-08-19 2021-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
423 CVE-2017-11320 79 XSS 2017-08-03 2017-08-12
4.3
None Remote Medium Not required None Partial None
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
424 CVE-2017-11317 326 Exec Code 2017-08-23 2020-10-20
7.5
None Remote Low Not required Partial Partial Partial
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
425 CVE-2017-11280 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
426 CVE-2017-11279 416 Exec Code 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
427 CVE-2017-11278 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
428 CVE-2017-11277 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
429 CVE-2017-11276 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
430 CVE-2017-11275 119 Exec Code Overflow 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
431 CVE-2017-11274 416 Exec Code 2017-08-11 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
432 CVE-2017-11272 200 Bypass +Info 2017-08-11 2017-08-16
5.0
None Remote Low Not required Partial None None
Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability.
433 CVE-2017-11271 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution.
434 CVE-2017-11270 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution.
435 CVE-2017-11269 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution.
436 CVE-2017-11268 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution.
437 CVE-2017-11267 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution.
438 CVE-2017-11265 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-10-03
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution.
439 CVE-2017-11263 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution.
440 CVE-2017-11262 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution.
441 CVE-2017-11261 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution.
442 CVE-2017-11260 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution.
443 CVE-2017-11259 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
444 CVE-2017-11258 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-10-03
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution.
445 CVE-2017-11257 704 Exec Code 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
446 CVE-2017-11256 416 Exec Code 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution.
447 CVE-2017-11255 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-10-03
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution.
448 CVE-2017-11254 416 Exec Code 2017-08-11 2019-03-14
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution.
449 CVE-2017-11252 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-10-03
4.3
None Remote Medium Not required Partial None None
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution.
450 CVE-2017-11251 119 Exec Code Overflow Mem. Corr. 2017-08-11 2019-03-14
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution.
Total number of vulnerabilities : 1542   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.