CVE List - 2017 / July
Showing 601 - 700 of 1268 CVEs for July 2017 (Page 7 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-1000065 | 2017-07-13 | Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated... |
| CVE-2017-1000066 | 2017-07-13 | The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. |
| CVE-2017-1000067 | 2017-07-13 | MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. |
| CVE-2017-1000068 | 2017-07-13 | TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of... |
| CVE-2017-1000069 | 2017-07-13 | CSRF in Bitly oauth2_proxy 2.1 during authentication flow |
| CVE-2017-1000070 | 2017-07-13 | The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by... |
| CVE-2017-1000071 | 2017-07-13 | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. |
| CVE-2017-1000072 | 2017-07-13 | Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations |
| CVE-2017-1000073 | 2017-07-13 | Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. |
| CVE-2017-1000074 | 2017-07-13 | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. |
| CVE-2017-1000075 | 2017-07-13 | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function |
| CVE-2017-1000078 | 2017-07-13 | Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration |
| CVE-2017-1000079 | 2017-07-13 | Linux foundation ONOS 1.9.0 is vulnerable to a DoS. |
| CVE-2017-1000080 | 2017-07-13 | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. |
| CVE-2017-1000081 | 2017-07-13 | Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. |
| CVE-2017-1000362 | 2017-07-13 | The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and... |
| CVE-2017-1000363 | 2017-07-13 | Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader... |
| CVE-2017-11311 | 2017-07-13 | soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of... |
| CVE-2017-11318 | 2017-07-14 | Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by... |
| CVE-2017-11328 | 2017-07-14 | Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. |
| CVE-2017-3080 | 2017-07-14 | Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. |
| CVE-2017-3099 | 2017-07-14 | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. |
| CVE-2017-3100 | 2017-07-14 | Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. |
| CVE-2017-3101 | 2017-07-14 | Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack. |
| CVE-2017-3102 | 2017-07-14 | Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack. |
| CVE-2017-3103 | 2017-07-14 | Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack. |
| CVE-2017-9814 | 2017-07-14 | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. |
| CVE-2017-1181 | 2017-07-14 | IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force... |
| CVE-2017-1182 | 2017-07-14 | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. IBM X-Force... |
| CVE-2017-1183 | 2017-07-14 | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force... |
| CVE-2017-10601 | 2017-07-14 | Junos OS: Insufficient authentication for user login when a specific system configuration error occurs. |
| CVE-2017-10602 | 2017-07-14 | Junos OS: buffer overflow vulnerability in Junos CLI |
| CVE-2017-10603 | 2017-07-14 | Junos OS: Local XML Injection through CLI command can lead to privilege escalation |
| CVE-2017-10604 | 2017-07-14 | Junos OS: SRX Series: Cluster configuration sync failures occur if the root user account is locked out |
| CVE-2017-10605 | 2017-07-14 | Junos: SRX Series denial of service vulnerability in flowd due to crafted DHCP packet |
| CVE-2017-2314 | 2017-07-14 | Junos: RPD crash due to malformed BGP OPEN message |
| CVE-2017-2335 | 2017-07-14 | ScreenOS: XSS vulnerability in ScreenOS Firewall |
| CVE-2017-2336 | 2017-07-14 | ScreenOS: XSS vulnerability in ScreenOS Firewall |
| CVE-2017-2337 | 2017-07-14 | ScreenOS: XSS vulnerability in ScreenOS Firewall |
| CVE-2017-2338 | 2017-07-14 | ScreenOS: XSS vulnerability in ScreenOS Firewall |
| CVE-2017-2339 | 2017-07-14 | ScreenOS: XSS vulnerability in ScreenOS Firewall |
| CVE-2017-2341 | 2017-07-14 | Junos OS: VM to host privilege escalation in platforms with Junos OS running in a virtualized environment. |
| CVE-2017-2342 | 2017-07-14 | SRX Series: MACsec failure to report errors |
| CVE-2017-2343 | 2017-07-14 | SRX Series: Hardcoded credentials in Integrated UserFW feature. |
| CVE-2017-2344 | 2017-07-14 | Junos: Buffer overflow in sockets library |
| CVE-2017-2345 | 2017-07-14 | Junos: snmpd denial of service upon receipt of crafted SNMP packet |
| CVE-2017-2346 | 2017-07-14 | MS-MPC or MS-MIC crash when passing large fragmented traffic through an ALG |
| CVE-2017-2347 | 2017-07-14 | Junos: Denial of Service vulnerability in rpd daemon |
| CVE-2017-2348 | 2017-07-14 | Junos OS: jdhcpd daemon crash due to invalid IPv6 UDP packets |
| CVE-2017-2349 | 2017-07-14 | SRX Series: Command injection vulnerability in SRX IDP feature. |
| CVE-2017-7673 | 2017-07-14 | Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection. |
| CVE-2017-7663 | 2017-07-14 | Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0. |
| CVE-2017-7664 | 2017-07-14 | Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. |
| CVE-2017-7666 | 2017-07-14 | Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. |
| CVE-2017-7680 | 2017-07-14 | Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains. |
| CVE-2017-7681 | 2017-07-14 | Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by... |
| CVE-2017-7682 | 2017-07-14 | Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas. |
| CVE-2017-7683 | 2017-07-14 | Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure. |
| CVE-2017-7684 | 2017-07-14 | Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server. |
| CVE-2017-7685 | 2017-07-14 | Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. |
| CVE-2017-7688 | 2017-07-14 | Apache OpenMeetings 1.0.0 updates user password in insecure manner. |
| CVE-2017-2240 | 2017-07-14 | Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". |
| CVE-2017-2241 | 2017-07-14 | SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". |
| CVE-2017-2246 | 2017-07-14 | Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2247 | 2017-07-14 | Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2248 | 2017-07-14 | Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2249 | 2017-07-14 | Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2252 | 2017-07-14 | Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker... |
| CVE-2017-2253 | 2017-07-14 | Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges... |
| CVE-2017-2265 | 2017-07-14 | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2266 | 2017-07-14 | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in... |
| CVE-2017-2267 | 2017-07-14 | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2268 | 2017-07-14 | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in... |
| CVE-2017-2269 | 2017-07-14 | Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2270 | 2017-07-14 | Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in... |
| CVE-2017-2271 | 2017-07-14 | Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2272 | 2017-07-14 | Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-11329 | 2017-07-14 | GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php request with an entity_restrict parameter that is not a list of integers. |
| CVE-2016-10398 | 2017-07-14 | Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge.... |
| CVE-2017-0028 | 2017-07-14 | A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary... |
| CVE-2017-0152 | 2017-07-14 | A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a... |
| CVE-2017-0196 | 2017-07-14 | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." |
| CVE-2015-0249 | 2017-07-14 | The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language... |
| CVE-2015-5152 | 2017-07-14 | Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via... |
| CVE-2016-0764 | 2017-07-14 | Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and... |
| CVE-2016-4982 | 2017-07-14 | authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect... |
| CVE-2016-4984 | 2017-07-14 | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate,... |
| CVE-2016-4996 | 2017-07-14 | discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in,... |
| CVE-2016-6312 | 2017-07-14 | The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated... |
| CVE-2016-6793 | 2017-07-14 | The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete... |
| CVE-2017-11335 | 2017-07-16 | There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode... |
| CVE-2017-11336 | 2017-07-16 | There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. |
| CVE-2017-11337 | 2017-07-16 | There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-11338 | 2017-07-16 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-11339 | 2017-07-16 | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. |
| CVE-2017-11340 | 2017-07-16 | There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. |
| CVE-2017-11341 | 2017-07-16 | There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-11342 | 2017-07-16 | There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-11343 | 2017-07-16 | Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input... |
| CVE-2017-11344 | 2017-07-16 | Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U,... |