CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2015-1834 22 Dir. Trav. 2017-05-25 2021-08-25
4.0
None Remote Low ??? None Partial None
A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior to 1.4.2. Path traversal is the 'outbreak' of a given directory structure through relative file paths in the user input. It aims at accessing files and directories that are stored outside the web root folder, for disallowed reading or even executing arbitrary system commands. An attacker could use a certain parameter of the file path for instance to inject '../' sequences in order to navigate through the file system. In this particular case a remote authenticated attacker can exploit the identified vulnerability in order to upload arbitrary files to the server running a Cloud Controller instance - outside the isolated application container.
1002 CVE-2015-1529 190 DoS Overflow 2017-05-23 2017-05-26
5.0
None Remote Low Not required None None Partial
Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors.
1003 CVE-2015-0269 22 Dir. Trav. 2017-05-26 2017-06-08
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.
1004 CVE-2014-9970 200 +Info 2017-05-21 2018-02-14
5.0
None Remote Low Not required Partial None None
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
1005 CVE-2014-9940 416 DoS +Priv 2017-05-02 2017-11-04
7.6
None Remote High Not required Complete Complete Complete
The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.
1006 CVE-2014-9937 119 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
1007 CVE-2014-9936 362 2017-05-16 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel.
1008 CVE-2014-9935 190 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
1009 CVE-2014-9934 347 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
1010 CVE-2014-9933 20 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.
1011 CVE-2014-9932 190 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.
1012 CVE-2014-9931 119 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.
1013 CVE-2014-3527 287 Bypass 2017-05-25 2021-06-08
7.5
None Remote Low Not required Partial Partial Partial
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information from the HttpServletRequest which is populated based upon untrusted information within the HTTP request. This means if there are access control restrictions on which CAS services can authenticate to one another, those restrictions can be bypassed. If users are not using CAS Proxy tickets and not basing access control decisions based upon the CAS Service, then there is no impact to users.
1014 CVE-2014-0225 611 2017-05-25 2022-04-11
6.8
None Remote Medium Not required Partial Partial Partial
When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.
1015 CVE-2014-0097 287 2017-05-25 2022-04-20
7.5
None Remote Low Not required Partial Partial Partial
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Total number of vulnerabilities : 1015   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.