CVE List - 2017 / June
Showing 401 - 500 of 1033 CVEs for June 2017 (Page 5 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-6687 | 2017-06-13 | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker with access to the management network to log in to the affected device using default... |
| CVE-2017-6688 | 2017-06-13 | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password... |
| CVE-2017-6689 | 2017-06-13 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an... |
| CVE-2017-6690 | 2017-06-13 | A vulnerability in the file check operation of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, remote attacker to overwrite or... |
| CVE-2017-6691 | 2017-06-13 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected... |
| CVE-2017-6692 | 2017-06-13 | A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an... |
| CVE-2017-6693 | 2017-06-13 | A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system,... |
| CVE-2017-6694 | 2017-06-13 | A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an... |
| CVE-2017-6695 | 2017-06-13 | A vulnerability in the ConfD server in Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive information. More Information: CSCvd29398. Known Affected Releases: 21.0.v0.65839. |
| CVE-2017-6696 | 2017-06-13 | A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected... |
| CVE-2017-6697 | 2017-06-13 | A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More... |
| CVE-2017-9552 | 2017-06-13 | A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username... |
| CVE-2017-9604 | 2017-06-13 | KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later... |
| CVE-2015-3220 | 2017-06-13 | The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash). |
| CVE-2016-3696 | 2017-06-13 | The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key. |
| CVE-2016-5411 | 2017-06-13 | /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. |
| CVE-2015-4596 | 2017-06-13 | Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. |
| CVE-2016-3704 | 2017-06-13 | Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords. |
| CVE-2016-5391 | 2017-06-13 | libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). |
| CVE-2017-9246 | 2017-06-13 | New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by... |
| CVE-2017-9429 | 2017-06-13 | SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. |
| CVE-2017-9603 | 2017-06-13 | SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. |
| CVE-2016-9973 | 2017-06-13 | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
| CVE-2016-9984 | 2017-06-13 | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. |
| CVE-2017-1099 | 2017-06-13 | IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659. |
| CVE-2017-1100 | 2017-06-13 | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2017-1101 | 2017-06-13 | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2017-1102 | 2017-06-13 | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2017-1104 | 2017-06-13 | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2017-9605 | 2017-06-13 | The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to... |
| CVE-2014-9960 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. |
| CVE-2014-9961 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. |
| CVE-2014-9962 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. |
| CVE-2014-9963 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM. |
| CVE-2014-9964 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. |
| CVE-2014-9965 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. |
| CVE-2014-9966 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display. |
| CVE-2014-9967 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. |
| CVE-2015-9020 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. |
| CVE-2015-9021 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. |
| CVE-2015-9022 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. |
| CVE-2015-9023 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. |
| CVE-2015-9024 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. |
| CVE-2015-9025 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. |
| CVE-2015-9026 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. |
| CVE-2015-9027 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. |
| CVE-2015-9028 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. |
| CVE-2015-9029 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. |
| CVE-2015-9030 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. |
| CVE-2015-9031 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. |
| CVE-2015-9032 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications. |
| CVE-2015-9033 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. |
| CVE-2016-10332 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. |
| CVE-2016-10333 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. |
| CVE-2016-10334 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. |
| CVE-2016-10335 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. |
| CVE-2016-10336 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. |
| CVE-2016-10337 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed. |
| CVE-2016-10338 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing. |
| CVE-2016-10339 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore. |
| CVE-2016-10340 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. |
| CVE-2016-10341 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. |
| CVE-2016-10342 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler. |
| CVE-2017-7365 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated. |
| CVE-2017-7366 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters. |
| CVE-2017-7367 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. |
| CVE-2017-7368 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver. |
| CVE-2017-7369 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption. |
| CVE-2017-7370 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. |
| CVE-2017-7371 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth. |
| CVE-2017-7372 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location. |
| CVE-2017-7373 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver. |
| CVE-2017-8233 | 2017-06-13 | In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds... |
| CVE-2017-8234 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. |
| CVE-2017-8235 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. |
| CVE-2017-8236 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. |
| CVE-2017-8237 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. |
| CVE-2017-8238 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. |
| CVE-2017-8239 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. |
| CVE-2017-8240 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. |
| CVE-2017-8241 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. |
| CVE-2017-8242 | 2017-06-13 | In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. |
| CVE-2017-5697 | 2017-06-14 | Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks... |
| CVE-2017-0636 | 2017-06-14 | An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is... |
| CVE-2017-0637 | 2017-06-14 | A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue... |
| CVE-2017-0638 | 2017-06-14 | A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This... |
| CVE-2017-0639 | 2017-06-14 | An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is... |
| CVE-2017-0640 | 2017-06-14 | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as... |
| CVE-2017-0641 | 2017-06-14 | A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is... |
| CVE-2017-0643 | 2017-06-14 | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as... |
| CVE-2017-0644 | 2017-06-14 | A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as... |
| CVE-2017-0645 | 2017-06-14 | An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is... |
| CVE-2017-0646 | 2017-06-14 | An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details... |
| CVE-2017-0647 | 2017-06-14 | An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be... |
| CVE-2017-0648 | 2017-06-14 | An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated... |
| CVE-2017-0649 | 2017-06-14 | An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated... |
| CVE-2017-0650 | 2017-06-14 | An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because... |
| CVE-2017-0651 | 2017-06-14 | An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because... |
| CVE-2017-0663 | 2017-06-14 | A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is... |
| CVE-2017-2810 | 2017-06-14 | An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python... |