CVE List - 2017 / August
Showing 1301 - 1400 of 1540 CVEs for August 2017 (Page 14 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-12953 | 2017-08-28 | The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file. |
| CVE-2017-12954 | 2017-08-28 | The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file. |
| CVE-2017-13712 | 2017-08-28 | NULL Pointer Dereference in the id3v2AddAudioDuration function in libmp3lame/id3tag.c in LAME 3.99.5 allows attackers to perform Denial of Service by triggering a NULL first argument. |
| CVE-2017-6594 | 2017-08-28 | The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the... |
| CVE-2017-9978 | 2017-08-28 | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An... |
| CVE-2017-9979 | 2017-08-28 | On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response... |
| CVE-2017-12076 | 2017-08-28 | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack. |
| CVE-2017-12077 | 2017-08-28 | Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service... |
| CVE-2017-3735 | 2017-08-28 | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug... |
| CVE-2014-8393 | 2017-08-28 | DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. |
| CVE-2014-8872 | 2017-08-28 | Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. |
| CVE-2015-0234 | 2017-08-28 | Multiple temporary file creation vulnerabilities in pki-core 10.2.0. |
| CVE-2017-10812 | 2017-08-28 | Untrusted search path vulnerability in Photo Collection PC Software Ver.4.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-10826 | 2017-08-28 | Untrusted search path vulnerability in Security Kinou Mihariban v1.0.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-10827 | 2017-08-28 | Untrusted search path vulnerability in Flets Azukeru for Windows Auto Backup Tool v1.0.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-10828 | 2017-08-28 | Untrusted search path vulnerability in Flets Install Tool all versions distributed through the website till 2017 August 8 allows an attacker to gain privileges via a Trojan horse DLL in... |
| CVE-2017-10830 | 2017-08-28 | Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-10831 | 2017-08-28 | Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a... |
| CVE-2017-10832 | 2017-08-28 | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
| CVE-2017-10833 | 2017-08-28 | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors. |
| CVE-2017-10834 | 2017-08-28 | Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. |
| CVE-2017-10835 | 2017-08-28 | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. |
| CVE-2017-10836 | 2017-08-28 | Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-10837 | 2017-08-28 | Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-10838 | 2017-08-28 | Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-10839 | 2017-08-28 | SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-10840 | 2017-08-28 | Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-10841 | 2017-08-28 | Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors. |
| CVE-2017-10842 | 2017-08-28 | SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2017-10843 | 2017-08-28 | baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form. |
| CVE-2017-10844 | 2017-08-28 | baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. |
| CVE-2017-13715 | 2017-08-28 | The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of... |
| CVE-2017-2242 | 2017-08-28 | Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2254 | 2017-08-28 | Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input. |
| CVE-2017-2255 | 2017-08-28 | Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space". |
| CVE-2017-2256 | 2017-08-28 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo". |
| CVE-2017-2257 | 2017-08-28 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. |
| CVE-2017-2258 | 2017-08-28 | Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". |
| CVE-2016-2970 | 2017-08-28 | IBM Sametime 8.5 and 9.0 meetings server may provide detailed information in an error message that may provide details about the application to possible attackers. IBM X-Force ID: 113851. |
| CVE-2016-9732 | 2017-08-28 | IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2017-1110 | 2017-08-28 | IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an unspecified vulnerability that could allow an authenticated user to view the incidents of a higher privileged user. IBM... |
| CVE-2017-1376 | 2017-08-28 | A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges. IBM X-Force ID: 126873. |
| CVE-2017-1489 | 2017-08-28 | IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an... |
| CVE-2017-3746 | 2017-08-28 | ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with... |
| CVE-2017-3757 | 2017-08-28 | An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with... |
| CVE-2015-8300 | 2017-08-28 | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file. |
| CVE-2015-8332 | 2017-08-28 | Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as... |
| CVE-2017-13716 | 2017-08-28 | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash)... |
| CVE-2017-13685 | 2017-08-29 | The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. |
| CVE-2017-13726 | 2017-08-29 | There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of... |
| CVE-2017-13727 | 2017-08-29 | There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of... |
| CVE-2017-13728 | 2017-08-29 | There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-13729 | 2017-08-29 | There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. |
| CVE-2017-13730 | 2017-08-29 | There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. |
| CVE-2017-13731 | 2017-08-29 | There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. |
| CVE-2017-13732 | 2017-08-29 | There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. |
| CVE-2017-13733 | 2017-08-29 | There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. |
| CVE-2017-13734 | 2017-08-29 | There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. |
| CVE-2017-13736 | 2017-08-29 | There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. |
| CVE-2017-13737 | 2017-08-29 | There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. |
| CVE-2017-13738 | 2017-08-29 | There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0. |
| CVE-2017-13739 | 2017-08-29 | There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to... |
| CVE-2017-13740 | 2017-08-29 | There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact. |
| CVE-2017-13741 | 2017-08-29 | There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. |
| CVE-2017-13742 | 2017-08-29 | There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack. |
| CVE-2017-13743 | 2017-08-29 | There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack. |
| CVE-2017-13744 | 2017-08-29 | There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0. |
| CVE-2017-13745 | 2017-08-29 | There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams... |
| CVE-2017-13746 | 2017-08-29 | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13747 | 2017-08-29 | There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13748 | 2017-08-29 | There are lots of memory leaks in JasPer 2.0.12, triggered in the function jas_strdup() in base/jas_string.c, that will lead to a remote denial of service attack. |
| CVE-2017-13749 | 2017-08-29 | There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13750 | 2017-08-29 | There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13751 | 2017-08-29 | There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13752 | 2017-08-29 | There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. |
| CVE-2017-13735 | 2017-08-29 | There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. |
| CVE-2017-10950 | 2017-08-29 | This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2017-10951 | 2017-08-29 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2017-10952 | 2017-08-29 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit... |
| CVE-2015-3653 | 2017-08-29 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial... |
| CVE-2015-3654 | 2017-08-29 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649. |
| CVE-2015-3655 | 2017-08-29 | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement... |
| CVE-2015-3656 | 2017-08-29 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. |
| CVE-2015-3657 | 2017-08-29 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. |
| CVE-2015-4649 | 2017-08-29 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. |
| CVE-2015-5209 | 2017-08-29 | Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. |
| CVE-2015-6588 | 2017-08-29 | Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. |
| CVE-2015-6942 | 2017-08-29 | Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. |
| CVE-2015-7255 | 2017-08-29 | ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information... |
| CVE-2015-7517 | 2017-08-29 | Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php... |
| CVE-2015-8299 | 2017-08-29 | Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. |
| CVE-2015-8334 | 2017-08-29 | SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. |
| CVE-2017-11455 | 2017-08-29 | diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack... |
| CVE-2017-12422 | 2017-08-29 | NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors. |
| CVE-2017-12763 | 2017-08-29 | An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. |
| CVE-2017-12775 | 2017-08-29 | qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. |
| CVE-2017-12797 | 2017-08-29 | Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file,... |
| CVE-2017-12856 | 2017-08-29 | Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php. |
| CVE-2017-12867 | 2017-08-29 | The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. |
| CVE-2017-12875 | 2017-08-29 | The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. |