CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2015-9036 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted.
1302 CVE-2015-9035 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion.
1303 CVE-2015-9034 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow.
1304 CVE-2015-8621 264 2017-08-07 2017-08-15
2.1
None Local Low Not required None Partial None
t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.
1305 CVE-2015-8596 119 Overflow 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.
1306 CVE-2015-8595 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM.
1307 CVE-2015-8594 119 Overflow 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x.
1308 CVE-2015-8593 119 Overflow 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.
1309 CVE-2015-8592 476 Mem. Corr. 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.
1310 CVE-2015-8355 89 Exec Code Sql 2017-08-24 2018-10-09
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
1311 CVE-2015-8352 22 Dir. Trav. 2017-08-24 2019-05-03
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.
1312 CVE-2015-8334 89 Exec Code Sql 2017-08-29 2017-09-07
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
1313 CVE-2015-8332 287 +Priv 2017-08-28 2017-09-08
6.5
None Remote Low ??? Partial Partial Partial
Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."
1314 CVE-2015-8308 287 Bypass 2017-08-24 2017-08-30
4.6
None Local Low Not required Partial Partial Partial
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
1315 CVE-2015-8300 275 +Priv 2017-08-28 2018-09-26
7.2
None Local Low Not required Complete Complete Complete
Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privileges via a Trojan horse file.
1316 CVE-2015-8299 119 Exec Code Overflow 2017-08-29 2019-03-14
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
1317 CVE-2015-8264 426 Exec Code 2017-08-02 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe.
1318 CVE-2015-7945 200 +Info 2017-08-18 2021-09-08
5.0
None Remote Low Not required Partial None None
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.
1319 CVE-2015-7944 399 DoS 2017-08-18 2021-09-08
5.0
None Remote Low Not required None None Partial
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.
1320 CVE-2015-7896 119 DoS Overflow Mem. Corr. 2017-08-24 2017-10-02
4.3
None Remote Medium Not required None None Partial
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
1321 CVE-2015-7894 119 DoS Exec Code Overflow 2017-08-09 2017-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
1322 CVE-2015-7891 362 2017-08-02 2017-08-04
4.4
None Local Medium Not required Partial Partial Partial
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
1323 CVE-2015-7887 284 2017-08-07 2017-08-10
6.5
None Remote Low ??? Partial Partial Partial
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
1324 CVE-2015-7875 264 2017-08-07 2017-09-29
5.0
None Remote Low Not required None Partial None
ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
1325 CVE-2015-7871 287 Bypass 2017-08-07 2021-04-13
7.5
None Remote Low Not required Partial Partial Partial
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
1326 CVE-2015-7855 20 DoS 2017-08-07 2021-04-19
4.0
None Remote Low ??? None None Partial
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
1327 CVE-2015-7854 120 DoS Exec Code Overflow 2017-08-07 2020-06-18
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
1328 CVE-2015-7853 120 DoS Exec Code 2017-08-07 2021-07-16
7.5
None Remote Low Not required Partial Partial Partial
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
1329 CVE-2015-7852 20 DoS 2017-08-07 2020-06-18
4.3
None Remote Medium Not required None None Partial
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
1330 CVE-2015-7850 835 DoS 2017-08-07 2020-06-18
4.0
None Remote Low ??? None None Partial
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
1331 CVE-2015-7849 416 DoS Exec Code 2017-08-07 2020-06-18
6.5
None Remote Low ??? Partial Partial Partial
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
1332 CVE-2015-7764 331 2017-08-09 2019-12-11
5.0
None Remote Low Not required Partial None None
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.
1333 CVE-2015-7711 79 XSS 2017-08-31 2019-05-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.
1334 CVE-2015-7705 20 2017-08-07 2021-11-17
7.5
None Remote Low Not required Partial Partial Partial
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
1335 CVE-2015-7704 20 DoS 2017-08-07 2021-11-17
5.0
None Remote Low Not required None None Partial
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
1336 CVE-2015-7702 20 DoS 2017-08-07 2020-06-18
4.0
None Remote Low ??? None None Partial
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
1337 CVE-2015-7701 772 DoS 2017-08-07 2020-06-18
5.0
None Remote Low Not required None None Partial
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
1338 CVE-2015-7700 415 2017-08-31 2017-09-05
7.5
None Remote Low Not required Partial Partial Partial
Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors.
1339 CVE-2015-7692 20 DoS 2017-08-07 2020-06-18
5.0
None Remote Low Not required None None Partial
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
1340 CVE-2015-7691 20 DoS 2017-08-07 2020-06-18
5.0
None Remote Low Not required None None Partial
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
1341 CVE-2015-7571 434 Exec Code 2017-08-07 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
1342 CVE-2015-7561 264 2017-08-07 2021-06-03
3.5
None Remote Medium ??? Partial None None
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
1343 CVE-2015-7517 89 Exec Code Sql 2017-08-29 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/.
1344 CVE-2015-7516 476 DoS 2017-08-24 2017-08-30
7.8
None Remote Low Not required None None Complete
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
1345 CVE-2015-7259 255 2017-08-24 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
1346 CVE-2015-7258 255 +Info 2017-08-24 2017-08-30
9.0
None Remote Low ??? Complete Complete Complete
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
1347 CVE-2015-7257 640 2017-08-24 2017-08-29
8.5
None Remote Medium ??? Complete Complete Complete
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
1348 CVE-2015-7255 200 +Info 2017-08-29 2017-09-12
5.0
None Remote Low Not required Partial None None
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device.
1349 CVE-2015-6942 79 XSS 2017-08-29 2017-09-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment.
1350 CVE-2015-6941 534 +Info 2017-08-09 2017-08-21
5.0
None Remote Low Not required Partial None None
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
Total number of vulnerabilities : 1542   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 (This Page)28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.