CVE List - 2017 / July
Showing 301 - 400 of 1268 CVEs for July 2017 (Page 4 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-0706 | 2017-07-06 | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532. |
| CVE-2017-0707 | 2017-07-06 | A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467. |
| CVE-2017-0708 | 2017-07-06 | A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879. |
| CVE-2017-0710 | 2017-07-06 | A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864. |
| CVE-2017-0711 | 2017-07-06 | A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781. |
| CVE-2017-6247 | 2017-07-06 | An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated... |
| CVE-2017-4998 | 2017-07-07 | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute... |
| CVE-2017-4999 | 2017-07-07 | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially... |
| CVE-2017-5000 | 2017-07-07 | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability... |
| CVE-2017-5001 | 2017-07-07 | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability... |
| CVE-2017-5002 | 2017-07-07 | EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and... |
| CVE-2017-10968 | 2017-07-07 | In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. |
| CVE-2017-10974 | 2017-07-07 | Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat... |
| CVE-2017-7950 | 2017-07-07 | Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file. |
| CVE-2017-10989 | 2017-07-07 | The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read... |
| CVE-2017-7404 | 2017-07-07 | On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send... |
| CVE-2017-7405 | 2017-07-07 | On the D-Link DIR-615 before v20.12PTb04, once authenticated, this device identifies the user based on the IP address of his machine. By spoofing the IP address belonging to the victim's... |
| CVE-2017-7406 | 2017-07-07 | The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can... |
| CVE-2017-2144 | 2017-07-07 | Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. |
| CVE-2017-2145 | 2017-07-07 | Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. |
| CVE-2017-2146 | 2017-07-07 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. |
| CVE-2017-2172 | 2017-07-07 | Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2183 | 2017-07-07 | HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. |
| CVE-2017-2184 | 2017-07-07 | Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. |
| CVE-2017-2185 | 2017-07-07 | HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. |
| CVE-2017-2186 | 2017-07-07 | HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. |
| CVE-2017-2188 | 2017-07-07 | Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001)... |
| CVE-2017-2194 | 2017-07-07 | Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2208 | 2017-07-07 | Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted... |
| CVE-2017-2215 | 2017-07-07 | Untrusted search path vulnerability in Installer of "Setup file of advance preparation" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to... |
| CVE-2017-2216 | 2017-07-07 | Cross-site scripting vulnerability in WordPress Download Manager prior to version 2.9.50 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2217 | 2017-07-07 | Open redirect vulnerability in WordPress Download Manager prior to version 2.9.51 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2017-2218 | 2017-07-07 | Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2220 | 2017-07-07 | Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2222 | 2017-07-07 | Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2223 | 2017-07-07 | Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the... |
| CVE-2017-2224 | 2017-07-07 | Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2225 | 2017-07-07 | Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2226 | 2017-07-07 | Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in... |
| CVE-2017-2227 | 2017-07-07 | Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL... |
| CVE-2017-2229 | 2017-07-07 | Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei System Ver1.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2230 | 2017-07-07 | Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2231 | 2017-07-07 | Untrusted search path vulnerability in The installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02 and earlier, distributed till June 20, 2017, The self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system Ver3.02... |
| CVE-2017-2232 | 2017-07-07 | Untrusted search path vulnerability in Installer of Shinseiyo Sogo Soft (4.8A) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2233 | 2017-07-07 | Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL... |
| CVE-2017-2234 | 2017-07-07 | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on... |
| CVE-2017-2235 | 2017-07-07 | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to bypass access restriction to change the administrator account password via... |
| CVE-2017-2236 | 2017-07-07 | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier uses hard-coded credentials, which may allow attackers to perform operations on device with administrative... |
| CVE-2017-2237 | 2017-07-07 | Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier. Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. |
| CVE-2017-2238 | 2017-07-07 | Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication... |
| CVE-2017-2239 | 2017-07-07 | Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript. |
| CVE-2017-2243 | 2017-07-07 | Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2017-2244 | 2017-07-07 | Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. |
| CVE-2017-2245 | 2017-07-07 | Directory traversal vulnerability in Shortcodes Ultimate prior to version 4.10.0 allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2017-10965 | 2017-07-07 | An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. |
| CVE-2017-10966 | 2017-07-07 | An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would... |
| CVE-2017-0326 | 2017-07-07 | An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is... |
| CVE-2017-0340 | 2017-07-07 | An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and... |
| CVE-2017-10991 | 2017-07-07 | The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. |
| CVE-2015-3297 | 2017-07-07 | Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP... |
| CVE-2017-10994 | 2017-07-07 | Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document. |
| CVE-2017-10995 | 2017-07-07 | The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image. |
| CVE-2014-7953 | 2017-07-07 | Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by... |
| CVE-2014-7954 | 2017-07-07 | Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of... |
| CVE-2017-1000082 | 2017-07-07 | systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended. |
| CVE-2017-1000381 | 2017-07-07 | The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet... |
| CVE-2017-6868 | 2017-07-07 | An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the... |
| CVE-2017-9627 | 2017-07-07 | An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability could allow an attacker to exhaust the memory... |
| CVE-2017-9629 | 2017-07-07 | A Stack-Based Buffer Overflow issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow a remote... |
| CVE-2017-9631 | 2017-07-07 | A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger... |
| CVE-2017-11102 | 2017-07-07 | The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (application crash) during JNG reading via a zero-length color_image data structure. |
| CVE-2017-11096 | 2017-07-07 | When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c. |
| CVE-2017-11097 | 2017-07-07 | When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c. |
| CVE-2017-11098 | 2017-07-07 | When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c. |
| CVE-2017-11099 | 2017-07-07 | When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c. |
| CVE-2017-11100 | 2017-07-07 | When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c. |
| CVE-2017-11101 | 2017-07-07 | When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c. |
| CVE-2017-7660 | 2017-07-07 | Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as... |
| CVE-2017-8442 | 2017-07-07 | Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that... |
| CVE-2017-7512 | 2017-07-07 | Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent... |
| CVE-2017-11104 | 2017-07-08 | Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass... |
| CVE-2017-11107 | 2017-07-08 | phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. |
| CVE-2017-11108 | 2017-07-08 | tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from... |
| CVE-2017-11109 | 2017-07-08 | Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a... |
| CVE-2017-11110 | 2017-07-08 | The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via... |
| CVE-2017-11111 | 2017-07-08 | In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted... |
| CVE-2017-11112 | 2017-07-08 | In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code... |
| CVE-2017-11113 | 2017-07-08 | In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code... |
| CVE-2017-4976 | 2017-07-09 | EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to... |
| CVE-2017-8002 | 2017-07-09 | EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing... |
| CVE-2017-8003 | 2017-07-09 | EMC Data Protection Advisor prior to 6.4 contains a path traversal vulnerability. A remote authenticated high privileged user may potentially exploit this vulnerability to access unauthorized information from the underlying... |
| CVE-2017-11124 | 2017-07-10 | libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c. |
| CVE-2017-11125 | 2017-07-10 | libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c. |
| CVE-2017-11126 | 2017-07-10 | The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is... |
| CVE-2017-11139 | 2017-07-10 | GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c. |
| CVE-2017-11140 | 2017-07-10 | The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource... |
| CVE-2017-11141 | 2017-07-10 | The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent... |
| CVE-2016-10397 | 2017-07-10 | In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated... |
| CVE-2017-11142 | 2017-07-10 | In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. |
| CVE-2017-11143 | 2017-07-10 | In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter,... |