CVE List - 2017 / August
Showing 901 - 1000 of 1540 CVEs for August 2017 (Page 10 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-6785 | 2017-08-17 | A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another... |
| CVE-2017-6786 | 2017-08-17 | A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is... |
| CVE-2017-6788 | 2017-08-17 | The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user... |
| CVE-2017-6790 | 2017-08-17 | A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition... |
| CVE-2017-12927 | 2017-08-18 | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. |
| CVE-2017-12932 | 2017-08-18 | ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API... |
| CVE-2017-12933 | 2017-08-18 | The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue... |
| CVE-2017-12934 | 2017-08-18 | ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation... |
| CVE-2017-12935 | 2017-08-18 | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. |
| CVE-2017-12936 | 2017-08-18 | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. |
| CVE-2017-12937 | 2017-08-18 | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. |
| CVE-2017-10811 | 2017-08-18 | Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. |
| CVE-2017-10821 | 2017-08-18 | Untrusted search path vulnerability in Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program (program released on 2013 September 30) Distributed on the website until 2017 May 17 allows an... |
| CVE-2017-10822 | 2017-08-18 | Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows... |
| CVE-2017-10823 | 2017-08-18 | Untrusted search path vulnerability in Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program (program released on 2011 March 10) Distributed on the website till 2017 May 17 allows an attacker... |
| CVE-2017-10824 | 2017-08-18 | Untrusted search path vulnerability in TDB CA TypeA use software Version 5.2 and earlier, distributed until 10 August 2017 allows an attacker to gain privileges via a Trojan horse DLL... |
| CVE-2017-12939 | 2017-08-18 | A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4. |
| CVE-2017-2228 | 2017-08-18 | Untrusted search path vulnerability in Teikihoukokusho Sakuseishien Tool v4.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2289 | 2017-08-18 | Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-12938 | 2017-08-18 | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular... |
| CVE-2017-10665 | 2017-08-18 | Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in... |
| CVE-2017-12440 | 2017-08-18 | Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the... |
| CVE-2017-12940 | 2017-08-18 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. |
| CVE-2017-12941 | 2017-08-18 | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. |
| CVE-2017-12942 | 2017-08-18 | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. |
| CVE-2017-7278 | 2017-08-18 | Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors. |
| CVE-2017-9454 | 2017-08-18 | Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted DNS response. |
| CVE-2017-12943 | 2017-08-18 | D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password. |
| CVE-2017-12944 | 2017-08-18 | The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service (allocation failure and application crash) in... |
| CVE-2017-1338 | 2017-08-18 | IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2017-1501 | 2017-08-18 | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID:... |
| CVE-2015-1817 | 2017-08-18 | Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. |
| CVE-2015-1878 | 2017-08-18 | Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device... |
| CVE-2015-3649 | 2017-08-18 | The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said... |
| CVE-2015-4082 | 2017-08-18 | attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by... |
| CVE-2017-12582 | 2017-08-18 | Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that... |
| CVE-2017-12680 | 2017-08-18 | Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. |
| CVE-2017-12859 | 2017-08-18 | NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2017-9767 | 2017-08-18 | Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to... |
| CVE-2017-9816 | 2017-08-18 | Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-7944 | 2017-08-18 | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before... |
| CVE-2015-7945 | 2017-08-18 | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before... |
| CVE-2017-11185 | 2017-08-18 | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. |
| CVE-2017-11652 | 2017-08-18 | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. |
| CVE-2017-11653 | 2017-08-18 | Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. |
| CVE-2017-12420 | 2017-08-18 | Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute... |
| CVE-2017-12589 | 2017-08-18 | ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protection against a CSRF attack. |
| CVE-2017-12591 | 2017-08-18 | ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. |
| CVE-2017-12592 | 2017-08-18 | ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnerability. A normal user can escalate its privilege and perform administrative actions. There is no mapping of users with their privileges. |
| CVE-2017-12593 | 2017-08-18 | ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. |
| CVE-2017-12776 | 2017-08-18 | SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. |
| CVE-2017-0687 | 2017-08-18 | A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35583675. |
| CVE-2014-3451 | 2017-08-18 | OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. |
| CVE-2015-2675 | 2017-08-18 | The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running... |
| CVE-2015-4071 | 2017-08-18 | The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}. |
| CVE-2015-4464 | 2017-08-18 | Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. |
| CVE-2015-5057 | 2017-08-18 | Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. |
| CVE-2015-5081 | 2017-08-18 | Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. |
| CVE-2015-5153 | 2017-08-18 | Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. |
| CVE-2016-10390 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. |
| CVE-2017-12881 | 2017-08-18 | Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the... |
| CVE-2017-12882 | 2017-08-18 | Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. |
| CVE-2014-9411 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. |
| CVE-2014-9968 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. |
| CVE-2014-9969 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. |
| CVE-2014-9971 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control... |
| CVE-2014-9972 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. |
| CVE-2014-9973 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. |
| CVE-2014-9974 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. |
| CVE-2014-9975 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. |
| CVE-2014-9976 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. |
| CVE-2014-9977 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. |
| CVE-2014-9978 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. |
| CVE-2014-9979 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. |
| CVE-2014-9980 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. |
| CVE-2014-9981 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. |
| CVE-2015-0574 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. |
| CVE-2015-0575 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. |
| CVE-2015-0576 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. |
| CVE-2015-8592 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. |
| CVE-2015-8593 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. |
| CVE-2015-8594 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. |
| CVE-2015-8595 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. |
| CVE-2015-8596 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. |
| CVE-2015-9034 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. |
| CVE-2015-9035 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory... |
| CVE-2015-9036 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. |
| CVE-2015-9037 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. |
| CVE-2015-9038 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. |
| CVE-2015-9039 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. |
| CVE-2015-9040 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. |
| CVE-2015-9041 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. |
| CVE-2015-9042 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. |
| CVE-2015-9043 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. |
| CVE-2015-9044 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on... |
| CVE-2015-9045 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. |
| CVE-2015-9046 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on... |
| CVE-2015-9047 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. |
| CVE-2015-9048 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. |
| CVE-2015-9049 | 2017-08-18 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. |