CVE List - 2017 / June
Showing 901 - 1000 of 1033 CVEs for June 2017 (Page 10 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-7520 | 2017-06-27 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker. |
| CVE-2017-7521 | 2017-06-27 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). |
| CVE-2017-7522 | 2017-06-27 | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. |
| CVE-2017-7524 | 2017-06-27 | tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC. |
| CVE-2017-2841 | 2017-06-27 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow... |
| CVE-2017-2842 | 2017-06-27 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in... |
| CVE-2017-2843 | 2017-06-27 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in... |
| CVE-2016-6083 | 2017-06-27 | IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696. |
| CVE-2016-9738 | 2017-06-27 | IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. |
| CVE-2016-9972 | 2017-06-27 | IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this... |
| CVE-2017-1105 | 2017-06-27 | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite... |
| CVE-2017-1234 | 2017-06-27 | IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2017-1297 | 2017-06-27 | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could... |
| CVE-2017-1322 | 2017-06-27 | IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information... |
| CVE-2017-1328 | 2017-06-27 | IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request,... |
| CVE-2017-9982 | 2017-06-27 | TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character. |
| CVE-2017-9841 | 2017-06-27 | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by... |
| CVE-2017-9830 | 2017-06-27 | Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes... |
| CVE-2004-2778 | 2017-06-27 | Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted... |
| CVE-2012-5010 | 2017-06-27 | ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before... |
| CVE-2014-6354 | 2017-06-27 | Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code. |
| CVE-2014-8149 | 2017-06-27 | OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files. |
| CVE-2015-1591 | 2017-06-27 | The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. |
| CVE-2015-1778 | 2017-06-27 | The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. |
| CVE-2015-1795 | 2017-06-27 | Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. |
| CVE-2015-2245 | 2017-06-27 | Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). |
| CVE-2015-3840 | 2017-06-27 | The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. |
| CVE-2015-5180 | 2017-06-27 | res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). |
| CVE-2015-5378 | 2017-06-27 | Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. |
| CVE-2015-7780 | 2017-06-27 | Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. |
| CVE-2015-7781 | 2017-06-27 | ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. |
| CVE-2015-7895 | 2017-06-27 | Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). |
| CVE-2015-7898 | 2017-06-27 | Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). |
| CVE-2015-8697 | 2017-06-27 | stalin 0.11-5 allows local users to write to arbitrary files. |
| CVE-2016-0959 | 2017-06-27 | Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash... |
| CVE-2016-4383 | 2017-06-27 | The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into... |
| CVE-2016-5414 | 2017-06-27 | FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. |
| CVE-2016-6342 | 2017-06-27 | elog 3.1.1 allows remote attackers to post data as any username in the logbook. |
| CVE-2016-7062 | 2017-06-27 | rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. |
| CVE-2017-2491 | 2017-06-27 | Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a... |
| CVE-2017-6086 | 2017-06-27 | Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator... |
| CVE-2017-9445 | 2017-06-28 | In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a... |
| CVE-2017-9984 | 2017-06-28 | The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing... |
| CVE-2017-9985 | 2017-06-28 | The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing... |
| CVE-2017-9986 | 2017-06-28 | The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing... |
| CVE-2017-9987 | 2017-06-28 | There is a heap-based buffer overflow in the function hpel_motion in mpegvideo_motion.c in libav 12.1. A crafted input can lead to a remote denial of service attack. |
| CVE-2017-9988 | 2017-06-28 | The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. |
| CVE-2017-9989 | 2017-06-28 | util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. |
| CVE-2017-9990 | 2017-06-28 | Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other... |
| CVE-2017-9991 | 2017-06-28 | Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to... |
| CVE-2017-9992 | 2017-06-28 | Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to... |
| CVE-2017-9993 | 2017-06-28 | FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers... |
| CVE-2017-9994 | 2017-06-28 | libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to... |
| CVE-2017-9995 | 2017-06-28 | libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate height and width data, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash)... |
| CVE-2017-9996 | 2017-06-28 | The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which... |
| CVE-2017-9998 | 2017-06-28 | The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. |
| CVE-2017-5241 | 2017-06-28 | Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description"... |
| CVE-2017-7686 | 2017-06-28 | Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that... |
| CVE-2017-1106 | 2017-06-28 | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2016-10042 | 2017-06-29 | Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading... |
| CVE-2017-10667 | 2017-06-29 | In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. |
| CVE-2017-10671 | 2017-06-29 | Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact... |
| CVE-2017-10672 | 2017-06-29 | Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. |
| CVE-2017-10673 | 2017-06-29 | admin/profile.php in GetSimple CMS 3.x has XSS in a name field. |
| CVE-2017-8554 | 2017-06-29 | The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607,... |
| CVE-2017-8558 | 2017-06-29 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows... |
| CVE-2017-8575 | 2017-06-29 | The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component... |
| CVE-2017-8576 | 2017-06-29 | The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted... |
| CVE-2017-8579 | 2017-06-29 | The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted... |
| CVE-2017-8613 | 2017-06-29 | Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect... |
| CVE-2017-1310 | 2017-06-29 | IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could... |
| CVE-2017-5528 | 2017-06-29 | TIBCO JasperReports Server cross-site vulnerabilities |
| CVE-2017-5529 | 2017-06-29 | TIBCO JasperReports Library Information Disclosure |
| CVE-2017-3747 | 2017-06-29 | Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges... |
| CVE-2017-3748 | 2017-06-29 | On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known... |
| CVE-2017-3749 | 2017-06-29 | On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation... |
| CVE-2017-3750 | 2017-06-29 | On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation... |
| CVE-2017-4997 | 2017-06-29 | EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| CVE-2017-2844 | 2017-06-29 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in... |
| CVE-2017-2845 | 2017-06-29 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow... |
| CVE-2017-2846 | 2017-06-29 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters... |
| CVE-2017-2847 | 2017-06-29 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters... |
| CVE-2017-2848 | 2017-06-29 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters... |
| CVE-2017-2849 | 2017-06-29 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters... |
| CVE-2017-2850 | 2017-06-29 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in... |
| CVE-2017-2851 | 2017-06-29 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. |
| CVE-2017-10678 | 2017-06-29 | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. |
| CVE-2017-10679 | 2017-06-29 | Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the... |
| CVE-2017-10680 | 2017-06-29 | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted... |
| CVE-2017-10681 | 2017-06-29 | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. |
| CVE-2017-10682 | 2017-06-29 | SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status... |
| CVE-2017-10684 | 2017-06-29 | In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. |
| CVE-2017-10685 | 2017-06-29 | In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. |
| CVE-2017-10686 | 2017-06-29 | In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the... |
| CVE-2017-10688 | 2017-06-29 | In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-10683 | 2017-06-29 | In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-10687 | 2017-06-29 | In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack. |
| CVE-2016-9358 | 2017-06-30 | A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin... |
| CVE-2017-6017 | 2017-06-30 | A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote... |
| CVE-2017-6018 | 2017-06-30 | An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software... |