CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2015-3745 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
402 CVE-2015-3744 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
403 CVE-2015-3743 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
404 CVE-2015-3742 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
405 CVE-2015-3741 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
406 CVE-2015-3740 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
407 CVE-2015-3739 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
408 CVE-2015-3738 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
409 CVE-2015-3737 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
410 CVE-2015-3736 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
411 CVE-2015-3735 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
412 CVE-2015-3734 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
413 CVE-2015-3733 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
414 CVE-2015-3732 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
415 CVE-2015-3731 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
416 CVE-2015-3730 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2019-02-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
417 CVE-2015-3729 254 2015-08-16 2019-02-08
4.3
None Remote Medium Not required None Partial None
Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.
418 CVE-2015-3636 DoS +Priv 2015-08-06 2019-04-22
4.9
None Local Low Not required None None Complete
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
419 CVE-2015-3626 79 XSS 2015-08-11 2016-12-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname.
420 CVE-2015-3440 79 XSS 2015-08-03 2016-12-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
421 CVE-2015-3439 79 Exec Code XSS 2015-08-05 2016-12-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.
422 CVE-2015-3438 79 XSS 2015-08-05 2016-12-06
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.
423 CVE-2015-3291 17 DoS 2015-08-31 2016-12-22
2.1
None Local Low Not required None None Partial
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issuing a syscall instruction, and triggering an NMI.
424 CVE-2015-3290 264 +Priv 2015-08-31 2017-09-17
7.2
None Local Low Not required Complete Complete Complete
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
425 CVE-2015-3289 399 DoS 2015-08-14 2016-12-03
4.0
None Remote Low ??? None None Partial
OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.
426 CVE-2015-3287 119 DoS Overflow 2015-08-12 2015-08-12
4.0
None Remote Low Single system None None Partial
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.
427 CVE-2015-3286 119 DoS Overflow 2015-08-12 2017-09-21
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.
428 CVE-2015-3285 119 DoS Overflow Mem. Corr. 2015-08-12 2017-09-21
2.1
None Local Low Not required None None Partial
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
429 CVE-2015-3284 200 +Info 2015-08-12 2017-09-21
2.1
None Local Low Not required Partial None None
pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands.
430 CVE-2015-3283 264 2015-08-12 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
431 CVE-2015-3282 200 +Info 2015-08-12 2017-09-21
4.3
None Remote Medium Not required Partial None None
vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.
432 CVE-2015-3269 200 +Info 2015-08-25 2018-10-09
5.0
None Remote Low Not required Partial None None
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
433 CVE-2015-3267 79 XSS 2015-08-11 2016-12-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
434 CVE-2015-3253 74 DoS Exec Code 2015-08-13 2020-06-24
7.5
None Remote Low Not required Partial Partial Partial
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
435 CVE-2015-3246 264 DoS +Priv 2015-08-11 2018-05-20
7.2
None Local Low Not required Complete Complete Complete
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
436 CVE-2015-3245 20 DoS 2015-08-11 2018-05-20
2.1
None Local Low Not required None None Partial
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.
437 CVE-2015-3239 189 2015-08-26 2016-12-22
3.3
None Local Medium Not required Partial Partial None
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.
438 CVE-2015-3238 200 DoS +Info 2015-08-24 2019-01-03
5.8
None Remote Medium Not required Partial None Partial
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
439 CVE-2015-3235 264 2015-08-14 2015-08-18
6.0
None Remote Medium ??? Partial Partial Partial
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
440 CVE-2015-3228 189 DoS Overflow 2015-08-11 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
441 CVE-2015-3221 20 DoS 2015-08-26 2018-10-19
4.0
None Remote Low ??? None None Partial
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.
442 CVE-2015-3219 79 XSS 2015-08-20 2016-12-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
443 CVE-2015-3214 119 Exec Code Overflow 2015-08-31 2017-11-04
6.9
None Local Medium Not required Complete Complete Complete
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
444 CVE-2015-3213 284 Bypass 2015-08-12 2015-08-12
7.2
None Local Low Not required Complete Complete Complete
The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.
445 CVE-2015-3212 362 DoS 2015-08-31 2019-04-08
4.9
None Local Low Not required None None Complete
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
446 CVE-2015-3187 200 +Info 2015-08-12 2017-07-01
4.0
None Remote Low ??? Partial None None
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
447 CVE-2015-3184 200 +Info 2015-08-12 2017-07-01
5.0
None Remote Low Not required Partial None None
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
448 CVE-2015-3158 264 2015-08-26 2015-08-27
4.0
None Remote Low ??? Partial None None
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow.
449 CVE-2015-3155 284 2015-08-14 2018-08-13
5.0
None Remote Low Not required Partial None None
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
450 CVE-2015-2987 17 2015-08-28 2015-08-31
2.6
None Remote High Not required Partial None None
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.
Total number of vulnerabilities : 620   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.