CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2014-7858 287 Bypass 2017-08-25 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.
1502 CVE-2014-7857 287 Bypass 2017-08-25 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin.
1503 CVE-2014-6393 79 XSS 2017-08-09 2021-07-30
4.3
None Remote Medium Not required None Partial None
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.
1504 CVE-2014-6189 79 XSS 2017-08-22 2017-08-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Security Network Protection 3100, 4100, 5100, and 7100 devices with firmware 5.2 before 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0008 and 5.3 before 5.3.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1505 CVE-2014-5302 22 Exec Code Dir. Trav. 2017-08-28 2018-10-09
9.0
None Remote Low ??? Complete Complete Complete
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
1506 CVE-2014-5301 22 Dir. Trav. 2017-08-28 2018-10-09
9.0
None Remote Low ??? Complete Complete Complete
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
1507 CVE-2014-5144 79 XSS 2017-08-09 2017-08-18
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
1508 CVE-2014-4925 79 XSS 2017-08-28 2017-09-08
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.
1509 CVE-2014-4616 119 Overflow 2017-08-24 2018-10-30
4.3
None Remote Medium Not required Partial None None
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
1510 CVE-2014-3462 200 +Info 2017-08-07 2020-08-21
5.0
None Remote Low Not required Partial None None
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
1511 CVE-2014-3451 295 2017-08-18 2018-10-09
5.0
None Remote Low Not required None Partial None
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.
1512 CVE-2014-1235 119 DoS Exec Code Overflow 2017-08-07 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.
1513 CVE-2014-0146 476 DoS 2017-08-10 2017-11-04
1.9
None Local Medium Not required None None Partial
The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 and 2.x before 2.0.0 allows local users to cause a denial of service (NULL pointer dereference) via a crafted image which causes an error, related to the initialization of the snapshot_offset and nb_snapshots fields.
1514 CVE-2014-0145 119 DoS Exec Code Overflow 2017-08-10 2017-11-04
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_snapshot_load_tmp in the QCOW 2 block driver (block/qcow2-snapshot.c) or (2) uncompressed chunk, (3) chunk length, or (4) number of sectors in the DMG block driver (block/dmg.c).
1515 CVE-2014-0143 190 DoS Overflow Mem. Corr. 2017-08-10 2019-04-22
4.4
None Local Medium Not required Partial Partial Partial
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in the (3) qcow2_snapshot_load_tmp in qcow2-snapshot.c or (4) qcow2_grow_l1_table function in qcow2-cluster.c, (5) a large request in the bdrv_check_byte_request function in block.c and other block drivers, (6) crafted cluster indexes in the get_refcount function in qcow2-refcount.c, or (7) a large number of blocks in the cloop_open function in cloop.c, which trigger buffer overflows, memory corruption, large memory allocations and out-of-bounds read and writes.
1516 CVE-2014-0142 369 DoS 2017-08-10 2017-11-04
2.1
None Local Low Not required None None Partial
QEMU, possibly before 2.0.0, allows local users to cause a denial of service (divide-by-zero error and crash) via a zero value in the (1) tracks field to the seek_to_sector function in block/parallels.c or (2) extent_size field in the bochs function in block/bochs.c.
1517 CVE-2014-0141 79 XSS 2017-08-28 2017-08-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
1518 CVE-2013-7433 79 XSS 2017-08-29 2017-09-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!.
1519 CVE-2013-7432 264 Bypass 2017-08-29 2017-09-01
5.0
None Remote Low Not required Partial None None
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.
1520 CVE-2013-7431 200 +Info 2017-08-29 2017-09-01
5.0
None Remote Low Not required Partial None None
Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!.
1521 CVE-2013-7430 79 XSS 2017-08-28 2017-08-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter.
1522 CVE-2013-7426 434 2017-08-29 2017-09-02
7.5
None Remote Low Not required Partial Partial Partial
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.
1523 CVE-2013-0870 2017-08-28 2017-09-04
7.5
None Remote Low Not required Partial Partial Partial
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
1524 CVE-2012-5030 399 DoS 2017-08-02 2017-08-04
6.8
None Remote Low ??? None None Complete
Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.
1525 CVE-2012-2805 404 DoS 2017-08-28 2017-08-31
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.
1526 CVE-2012-2781 2017-08-09 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.
1527 CVE-2012-2780 2017-08-09 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.
1528 CVE-2012-2778 2017-08-09 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.
1529 CVE-2012-2773 2017-08-09 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
1530 CVE-2012-2771 2017-08-09 2018-09-17
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
1531 CVE-2012-0880 399 DoS 2017-08-08 2017-08-18
7.8
None Remote Low Not required None None Complete
Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.
1532 CVE-2012-0803 287 Bypass 2017-08-08 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
1533 CVE-2011-5325 22 Dir. Trav. 2017-08-07 2021-02-19
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
1534 CVE-2011-4650 399 2017-08-07 2017-08-25
5.0
None Remote Low Not required None None Partial
Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then the CPU utilization increases. Known Affected Releases: 5.2(1). Known Fixed Releases: 6.0(0)SL1(0.14) 5.2(2.73)S0. Product identification: CSCtt15295.
1535 CVE-2011-4343 200 +Info 2017-08-08 2017-11-02
5.0
None Remote Low Not required Partial None None
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
1536 CVE-2011-0469 94 2017-08-17 2017-08-25
9.0
None Remote Low Not required Partial Complete Partial
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.
1537 CVE-2010-3845 200 +Info 2017-08-08 2017-08-18
5.0
None Remote Low Not required Partial None None
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.
1538 CVE-2010-2245 611 DoS 2017-08-08 2017-08-16
5.8
None Remote Medium Not required Partial None Partial
XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document.
1539 CVE-2009-5145 79 XSS 2017-08-07 2017-08-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
1540 CVE-2007-5341 119 Exec Code Overflow 2017-08-18 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
1541 CVE-2007-5199 119 Overflow 2017-08-18 2020-07-30
7.5
None Remote Low Not required Partial Partial Partial
A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.
1542 CVE-2006-3635 119 DoS Overflow 2017-08-07 2017-08-14
4.9
None Local Low Not required None None Complete
The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state.
Total number of vulnerabilities : 1542   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.