CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2017

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1401 | CVE-2015-2857 | 77 | | Exec Code | 2017-08-22 | 2020-09-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
1402 | CVE-2015-2690 | 79 | | XSS | 2017-08-02 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php.
1403 | CVE-2015-2687 | 284 | | | 2017-08-09 | 2017-08-24 | 1.9 | None | Local | Medium | Not required | Partial | None | None
OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.
1404 | CVE-2015-2675 | 119 | | DoS Overflow | 2017-08-18 | 2017-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
1405 | CVE-2015-2674 | 295 | | | 2017-08-09 | 2017-08-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.
1406 | CVE-2015-2560 | 264 | | | 2017-08-02 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
1407 | CVE-2015-2313 | 400 | | DoS | 2017-08-09 | 2017-08-17 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.
1408 | CVE-2015-2312 | 400 | | DoS | 2017-08-09 | 2017-08-17 | 7.8 | None | Remote | Low | Not required | None | None | Complete
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.
1409 | CVE-2015-2311 | 191 | | DoS Exec Code +Info | 2017-08-09 | 2017-08-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.
1410 | CVE-2015-2310 | 190 | | DoS Overflow +Info | 2017-08-09 | 2019-12-11 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.
1411 | CVE-2015-2291 | 20 | | DoS Exec Code | 2017-08-09 | 2017-08-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
1412 | CVE-2015-2046 | 79 | | XSS | 2017-08-28 | 2017-09-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.
1413 | CVE-2015-1878 | 264 | | | 2017-08-18 | 2017-09-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel.
1414 | CVE-2015-1876 | 22 | | Dir. Trav. | 2017-08-28 | 2017-09-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Directory traversal vulnerability in ES File Explorer 3.2.4.1.
1415 | CVE-2015-1820 | 384 | | +Info | 2017-08-09 | 2017-08-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
1416 | CVE-2015-1817 | 119 | | Overflow | 2017-08-18 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.
1417 | CVE-2015-1801 | 119 | | DoS Overflow +Priv Mem. Corr. | 2017-08-24 | 2017-08-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.
1418 | CVE-2015-1800 | 200 | | +Info | 2017-08-24 | 2017-08-29 | 5.0 | None | Remote | Low | Not required | Partial | None | None
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.
1419 | CVE-2015-1783 | 119 | | DoS Overflow | 2017-08-11 | 2017-08-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.
1420 | CVE-2015-1600 | 200 | | +Info | 2017-08-28 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier.
1421 | CVE-2015-1555 | 20 | | | 2017-08-07 | 2017-08-15 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None
Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.
1422 | CVE-2015-1554 | 20 | | DoS | 2017-08-28 | 2017-09-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial
kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash).
1423 | CVE-2015-1445 | 113 | | | 2017-08-28 | 2017-09-07 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30.
1424 | CVE-2015-1443 | 20 | | Exec Code | 2017-08-28 | 2017-09-06 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code.
1425 | CVE-2015-1430 | 119 | | Overflow | 2017-08-28 | 2017-08-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in xymon 4.3.17-1.
1426 | CVE-2015-1401 | 287 | | | 2017-08-28 | 2017-09-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3.
1427 | CVE-2015-1395 | 22 | | Dir. Trav. | 2017-08-25 | 2017-08-30 | 7.8 | None | Remote | Low | Not required | None | Complete | None
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
1428 | CVE-2015-1386 | 22 | | Dir. Trav. | 2017-08-28 | 2017-08-31 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Directory traversal vulnerability in unshield 1.0-1.
1429 | CVE-2015-1378 | 264 | | | 2017-08-07 | 2017-08-16 | 5.0 | None | Remote | Low | Not required | None | Partial | None
cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.
1430 | CVE-2015-1325 | 362 | | +Priv | 2017-08-25 | 2017-08-30 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
1431 | CVE-2015-1324 | 264 | | +Priv | 2017-08-25 | 2017-08-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.
1432 | CVE-2015-1199 | 22 | | Dir. Trav. | 2017-08-28 | 2017-09-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Directory traversal vulnerability in ppmd 10.1-5.
1433 | CVE-2015-1198 | 22 | | Dir. Trav. | 2017-08-28 | 2017-09-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5.
1434 | CVE-2015-1177 | 79 | | XSS | 2017-08-28 | 2018-10-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
1435 | CVE-2015-1174 | 384 | | | 2017-08-02 | 2017-08-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id.
1436 | CVE-2015-0974 | 426 | | +Priv | 2017-08-28 | 2017-09-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll.
1437 | CVE-2015-0928 | 476 | | DoS | 2017-08-28 | 2020-03-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial
libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).
1438 | CVE-2015-0839 | 320 | | Exec Code | 2017-08-02 | 2017-08-25 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.
1439 | CVE-2015-0786 | 119 | | Exec Code Overflow | 2017-08-09 | 2017-08-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.
1440 | CVE-2015-0785 | 200 | | +Info | 2017-08-09 | 2017-08-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None
com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.
1441 | CVE-2015-0784 | 200 | | +Info | 2017-08-09 | 2017-08-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.
1442 | CVE-2015-0783 | 200 | | +Info | 2017-08-09 | 2017-08-19 | 4.0 | None | Remote | Low | ??? | Partial | None | None
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
1443 | CVE-2015-0782 | 89 | | Exec Code Sql | 2017-08-09 | 2017-08-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
1444 | CVE-2015-0781 | 22 | | Dir. Trav. | 2017-08-09 | 2017-08-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.
1445 | CVE-2015-0780 | 89 | | Exec Code Sql | 2017-08-09 | 2017-08-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
1446 | CVE-2015-0576 | 119 | | Overflow | 2017-08-18 | 2018-04-19 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA.
1447 | CVE-2015-0575 | 326 | | | 2017-08-18 | 2017-08-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
1448 | CVE-2015-0574 | 20 | | | 2017-08-18 | 2018-04-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient.
1449 | CVE-2015-0234 | 20 | | | 2017-08-29 | 2017-09-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None
Multiple temporary file creation vulnerabilities in pki-core 10.2.0.
1450 | CVE-2015-0233 | 254 | | | 2017-08-28 | 2017-09-08 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38.
Total number of vulnerabilities: 1542   Page: 29 of 31