CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2017

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2015-0210 295 2017-08-28 2017-08-31
4.3
None Remote Medium Not required Partial None None
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.
1452 CVE-2015-0194 611 2017-08-02 2017-08-14
4.0
None Remote Low ??? Partial None None
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via crafted XML data.
1453 CVE-2015-0114 119 Overflow 2017-08-28 2017-09-05
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1.
1454 CVE-2015-0101 79 XSS 2017-08-28 2017-09-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5.
1455 CVE-2014-9981 119 Overflow 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot.
1456 CVE-2014-9980 119 Overflow 2017-08-18 2017-08-22
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory.
1457 CVE-2014-9979 119 Overflow 2017-08-18 2017-08-22
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory.
1458 CVE-2014-9978 119 Overflow 2017-08-18 2017-08-22
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.
1459 CVE-2014-9977 119 Overflow 2017-08-18 2017-08-22
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.
1460 CVE-2014-9976 119 Overflow 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.
1461 CVE-2014-9975 326 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.
1462 CVE-2014-9974 119 Overflow 2017-08-18 2017-08-22
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster.
1463 CVE-2014-9973 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.
1464 CVE-2014-9972 476 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.
1465 CVE-2014-9971 20 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.
1466 CVE-2014-9969 327 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.
1467 CVE-2014-9968 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.
1468 CVE-2014-9831 284 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
1469 CVE-2014-9830 284 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
1470 CVE-2014-9828 284 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
1471 CVE-2014-9827 284 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
1472 CVE-2014-9701 79 XSS 2017-08-09 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter to permalink_page.php.
1473 CVE-2014-9637 399 DoS 2017-08-25 2017-08-30
7.1
None Remote Medium Not required None None Complete
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
1474 CVE-2014-9564 93 XSS Http R.Spl. +Info 2017-08-25 2017-08-30
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks and resulting web cache poisoning or cross-site scripting (XSS) attacks, or obtain sensitive information via multiple unspecified parameters.
1475 CVE-2014-9558 89 Sql 2017-08-28 2017-08-31
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in SmartCMS v.2.
1476 CVE-2014-9557 79 XSS 2017-08-28 2020-10-02
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2.
1477 CVE-2014-9514 79 XSS 2017-08-28 2017-08-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.
1478 CVE-2014-9513 284 Exec Code 2017-08-28 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.
1479 CVE-2014-9497 119 Overflow 2017-08-29 2017-09-03
5.0
None Remote Low Not required None None Partial
Buffer overflow in mpg123 before 1.18.0.
1480 CVE-2014-9483 200 Bypass +Info 2017-08-28 2017-09-08
5.0
None Remote Low Not required Partial None None
Emacs 24.4 allows remote attackers to bypass security restrictions.
1481 CVE-2014-9469 79 XSS 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3.
1482 CVE-2014-9411 118 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.
1483 CVE-2014-9312 434 2017-08-28 2019-07-08
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
1484 CVE-2014-9262 264 2017-08-07 2017-08-15
5.5
None Remote Low ??? Partial Partial None
The Duplicator plugin in WordPress before 0.5.10 allows remote authenticated users to create and download backup files.
1485 CVE-2014-9260 264 2017-08-07 2017-08-15
6.5
None Remote Low ??? Partial Partial Partial
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
1486 CVE-2014-8903 77 2017-08-02 2017-08-14
6.5
None Remote Low ??? Partial Partial Partial
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.
1487 CVE-2014-8900 352 CSRF 2017-08-28 2017-09-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.
1488 CVE-2014-8872 94 2017-08-29 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50.
1489 CVE-2014-8871 22 Dir. Trav. 2017-08-28 2019-08-27
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.
1490 CVE-2014-8753 79 XSS 2017-08-28 2017-09-06
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6.
1491 CVE-2014-8677 94 Exec Code 2017-08-31 2017-09-06
3.5
None Remote Medium ??? None Partial None
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary PHP code via a crafted database name.
1492 CVE-2014-8676 22 Dir. Trav. 2017-08-31 2017-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
1493 CVE-2014-8675 200 +Info 2017-08-31 2017-09-06
5.0
None Remote Low Not required Partial None None
SOPlanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
1494 CVE-2014-8428 264 2017-08-28 2017-09-01
7.5
None Remote Low Not required Partial Partial Partial
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
1495 CVE-2014-8426 798 2017-08-28 2017-09-01
7.5
None Remote Low Not required Partial Partial Partial
Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015.
1496 CVE-2014-8393 427 2017-08-29 2018-10-09
4.6
None Local Low Not required Partial Partial Partial
DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion.
1497 CVE-2014-8168 284 2017-08-28 2017-09-04
4.6
None Local Low Not required Partial Partial Partial
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
1498 CVE-2014-8163 22 Dir. Trav. 2017-08-28 2017-09-05
5.5
None Remote Low ??? None Partial Partial
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
1499 CVE-2014-7860 287 2017-08-25 2018-10-09
5.0
None Remote Low Not required Partial None None
The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token.
1500 CVE-2014-7859 119 Exec Code Overflow 2017-08-25 2019-03-19
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting malformed "Host" and "Referer" header values.
Total number of vulnerabilities: 1542 (page 30 of 31)