CVE List - 2017 / August
Showing 201 - 300 of 1540 CVEs for August 2017 (Page 3 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-6752 | 2017-08-07 | A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use... |
| CVE-2017-6754 | 2017-08-07 | A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind... |
| CVE-2017-6756 | 2017-08-07 | A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due... |
| CVE-2017-6757 | 2017-08-07 | A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a... |
| CVE-2017-6758 | 2017-08-07 | A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory... |
| CVE-2017-6759 | 2017-08-07 | A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability... |
| CVE-2017-6761 | 2017-08-07 | A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of... |
| CVE-2017-6762 | 2017-08-07 | A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against... |
| CVE-2017-6763 | 2017-08-07 | A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on... |
| CVE-2017-6764 | 2017-08-07 | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2017-6765 | 2017-08-07 | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against... |
| CVE-2017-6766 | 2017-08-07 | A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspection feature of Cisco Firepower System Software 5.4.0, 5.4.1, 6.0.0, 6.1.0, 6.2.0, 6.2.1, and 6.2.2 could allow an unauthenticated, remote... |
| CVE-2017-6769 | 2017-08-07 | A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against... |
| CVE-2017-6770 | 2017-08-07 | Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the... |
| CVE-2017-6663 | 2017-08-07 | A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system... |
| CVE-2017-7916 | 2017-08-07 | A Permissions, Privileges, and Access Controls issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior.... |
| CVE-2017-7920 | 2017-08-07 | An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a... |
| CVE-2017-7928 | 2017-08-07 | An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not... |
| CVE-2017-7932 | 2017-08-07 | An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX... |
| CVE-2017-7936 | 2017-08-07 | A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX... |
| CVE-2017-9630 | 2017-08-07 | An Improper Authentication issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress... |
| CVE-2017-9632 | 2017-08-07 | A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all... |
| CVE-2017-9647 | 2017-08-07 | A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV... |
| CVE-2017-9633 | 2017-08-07 | An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced... |
| CVE-2017-12477 | 2017-08-07 | It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote... |
| CVE-2017-12478 | 2017-08-07 | It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker... |
| CVE-2017-12479 | 2017-08-07 | It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing... |
| CVE-2017-12640 | 2017-08-07 | ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOneMNGImage in coders/png.c. |
| CVE-2017-12641 | 2017-08-07 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage in coders\png.c. |
| CVE-2017-12642 | 2017-08-07 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. |
| CVE-2017-12643 | 2017-08-07 | ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c. |
| CVE-2017-12644 | 2017-08-07 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. |
| CVE-2017-9801 | 2017-08-07 | When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. |
| CVE-2017-12567 | 2017-08-07 | SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. |
| CVE-2016-10404 | 2017-08-07 | XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. |
| CVE-2017-12645 | 2017-08-07 | XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. |
| CVE-2017-12646 | 2017-08-07 | XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. |
| CVE-2017-12647 | 2017-08-07 | XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. |
| CVE-2017-12648 | 2017-08-07 | XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. |
| CVE-2017-12649 | 2017-08-07 | XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. |
| CVE-2009-5145 | 2017-08-07 | Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. |
| CVE-2011-5325 | 2017-08-07 | Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. |
| CVE-2014-9260 | 2017-08-07 | The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. |
| CVE-2014-9262 | 2017-08-07 | The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. |
| CVE-2015-1378 | 2017-08-07 | cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. |
| CVE-2015-1555 | 2017-08-07 | Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. |
| CVE-2015-3839 | 2017-08-07 | The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). |
| CVE-2015-7561 | 2017-08-07 | Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. |
| CVE-2015-7875 | 2017-08-07 | ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to... |
| CVE-2015-7887 | 2017-08-07 | NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. |
| CVE-2015-8621 | 2017-08-07 | t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. |
| CVE-2017-12650 | 2017-08-07 | SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. |
| CVE-2017-12651 | 2017-08-07 | Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not... |
| CVE-2017-12654 | 2017-08-07 | The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file. |
| CVE-2017-12653 | 2017-08-07 | 360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory. |
| CVE-2014-1235 | 2017-08-07 | Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE:... |
| CVE-2014-3462 | 2017-08-07 | The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". |
| CVE-2014-9827 | 2017-08-07 | coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. |
| CVE-2014-9828 | 2017-08-07 | coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. |
| CVE-2014-9830 | 2017-08-07 | coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. |
| CVE-2014-9831 | 2017-08-07 | coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. |
| CVE-2015-5244 | 2017-08-07 | The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. |
| CVE-2015-5946 | 2017-08-07 | Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. |
| CVE-2015-7571 | 2017-08-07 | Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. |
| CVE-2015-7691 | 2017-08-07 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey... |
| CVE-2015-7692 | 2017-08-07 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to... |
| CVE-2015-7701 | 2017-08-07 | Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). |
| CVE-2015-7702 | 2017-08-07 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to... |
| CVE-2015-7704 | 2017-08-07 | The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. |
| CVE-2015-7705 | 2017-08-07 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. |
| CVE-2015-7849 | 2017-08-07 | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via... |
| CVE-2015-7850 | 2017-08-07 | ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at... |
| CVE-2015-7852 | 2017-08-07 | ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. |
| CVE-2015-7853 | 2017-08-07 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash)... |
| CVE-2015-7854 | 2017-08-07 | Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly... |
| CVE-2015-7855 | 2017-08-07 | The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode... |
| CVE-2015-7871 | 2017-08-07 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. |
| CVE-2016-3113 | 2017-08-07 | Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. |
| CVE-2016-6220 | 2017-08-07 | Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0. |
| CVE-2016-7976 | 2017-08-07 | The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams. |
| CVE-2017-12637 | 2017-08-07 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited... |
| CVE-2017-12655 | 2017-08-07 | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action. |
| CVE-2017-12662 | 2017-08-07 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c. |
| CVE-2017-12663 | 2017-08-07 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c. |
| CVE-2017-12664 | 2017-08-07 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c. |
| CVE-2017-12665 | 2017-08-07 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c. |
| CVE-2017-12666 | 2017-08-07 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c. |
| CVE-2017-12667 | 2017-08-07 | ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c. |
| CVE-2017-12668 | 2017-08-07 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. |
| CVE-2017-12669 | 2017-08-07 | ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c. |
| CVE-2017-12670 | 2017-08-07 | In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service. |
| CVE-2017-12671 | 2017-08-07 | In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of... |
| CVE-2017-12672 | 2017-08-07 | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service. |
| CVE-2017-12673 | 2017-08-07 | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service. |
| CVE-2017-12674 | 2017-08-07 | In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service. |
| CVE-2017-12676 | 2017-08-07 | In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service. |
| CVE-2017-12675 | 2017-08-07 | In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a... |
| CVE-2017-6866 | 2017-08-07 | A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access... |
| CVE-2017-6869 | 2017-08-08 | A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with... |
| CVE-2017-6870 | 2017-08-08 | A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within... |