CVE List - 2017 / June
Showing 101 - 200 of 1033 CVEs for June 2017 (Page 2 of 11)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-9946 | 2017-06-06 | In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
| CVE-2014-9947 | 2017-06-06 | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. |
| CVE-2014-9948 | 2017-06-06 | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. |
| CVE-2014-9949 | 2017-06-06 | In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. |
| CVE-2014-9950 | 2017-06-06 | In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. |
| CVE-2014-9951 | 2017-06-06 | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. |
| CVE-2014-9952 | 2017-06-06 | In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. |
| CVE-2015-9005 | 2017-06-06 | In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. |
| CVE-2015-9006 | 2017-06-06 | In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. |
| CVE-2015-9007 | 2017-06-06 | In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. |
| CVE-2016-10297 | 2017-06-06 | In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. |
| CVE-2017-5664 | 2017-06-06 | The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and... |
| CVE-2017-7515 | 2017-06-06 | poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite, resulting in a potential denial of service. |
| CVE-2017-8083 | 2017-06-06 | CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to... |
| CVE-2017-9332 | 2017-06-06 | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. |
| CVE-2017-9448 | 2017-06-06 | Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and... |
| CVE-2017-9449 | 2017-06-06 | SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the... |
| CVE-2017-5243 | 2017-06-06 | The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls... |
| CVE-2017-8920 | 2017-06-06 | irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. |
| CVE-2017-9451 | 2017-06-06 | Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF']... |
| CVE-2017-9452 | 2017-06-06 | Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2014-8180 | 2017-06-06 | MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. |
| CVE-2015-1207 | 2017-06-06 | Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. |
| CVE-2015-3830 | 2017-06-06 | The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for... |
| CVE-2016-0726 | 2017-06-06 | The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the... |
| CVE-2016-0767 | 2017-06-06 | PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath. |
| CVE-2016-0768 | 2017-06-06 | PostgreSQL PL/Java after 9.0 does not honor access controls on large objects. |
| CVE-2016-2192 | 2017-06-06 | PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own. |
| CVE-2016-3066 | 2017-06-06 | The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard. |
| CVE-2016-3077 | 2017-06-06 | The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. |
| CVE-2016-5004 | 2017-06-06 | The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing... |
| CVE-2016-9960 | 2017-06-06 | game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). |
| CVE-2016-9961 | 2017-06-06 | game-music-emu before 0.6.1 mishandles unspecified integer values. |
| CVE-2017-9461 | 2017-06-06 | smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling... |
| CVE-2017-9462 | 2017-06-06 | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. |
| CVE-2017-9465 | 2017-06-06 | The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted... |
| CVE-2017-9468 | 2017-06-07 | In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. |
| CVE-2017-9469 | 2017-06-07 | In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able... |
| CVE-2017-9470 | 2017-06-07 | In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. |
| CVE-2017-9471 | 2017-06-07 | In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. |
| CVE-2017-9472 | 2017-06-07 | In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. |
| CVE-2017-9473 | 2017-06-07 | In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file. |
| CVE-2017-9474 | 2017-06-07 | In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. |
| CVE-2016-9834 | 2017-06-07 | An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit... |
| CVE-2017-7312 | 2017-06-07 | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames... |
| CVE-2017-7313 | 2017-06-07 | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address.... |
| CVE-2017-7314 | 2017-06-07 | An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is... |
| CVE-2015-7326 | 2017-06-07 | XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. |
| CVE-2015-7514 | 2017-06-07 | OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. |
| CVE-2015-7723 | 2017-06-07 | AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. |
| CVE-2015-7724 | 2017-06-07 | AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. |
| CVE-2015-7888 | 2017-06-07 | Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot)... |
| CVE-2015-8326 | 2017-06-07 | The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user. |
| CVE-2017-9499 | 2017-06-07 | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. |
| CVE-2017-9500 | 2017-06-07 | In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. |
| CVE-2017-9501 | 2017-06-07 | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. |
| CVE-2017-7563 | 2017-06-07 | In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the... |
| CVE-2017-7564 | 2017-06-07 | In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions... |
| CVE-2016-0254 | 2017-06-07 | IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated... |
| CVE-2016-3019 | 2017-06-07 | IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. |
| CVE-2016-3051 | 2017-06-07 | IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. |
| CVE-2016-5959 | 2017-06-07 | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server... |
| CVE-2016-5960 | 2017-06-07 | IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in clear text, which can be read by a local user. IBM X-Force ID: 116171. |
| CVE-2016-6087 | 2017-06-07 | IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. |
| CVE-2016-6089 | 2017-06-07 | IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to... |
| CVE-2016-8939 | 2017-06-07 | IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790. |
| CVE-2016-9710 | 2017-06-07 | IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local... |
| CVE-2016-9977 | 2017-06-07 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker... |
| CVE-2017-1125 | 2017-06-07 | IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose partial contents of a file. IBM X-Force... |
| CVE-2017-1178 | 2017-06-07 | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2017-1196 | 2017-06-07 | IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM... |
| CVE-2017-1305 | 2017-06-07 | IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2017-4914 | 2017-06-07 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance. |
| CVE-2017-4917 | 2017-06-07 | VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x locally stores vCenter Server credentials using reversible encryption. This issue may allow plaintext credentials to be obtained. |
| CVE-2017-4898 | 2017-06-07 | VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable. Successful exploitation... |
| CVE-2017-4899 | 2017-06-07 | VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound... |
| CVE-2017-4900 | 2017-06-07 | VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges... |
| CVE-2017-4902 | 2017-06-07 | VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a... |
| CVE-2017-4903 | 2017-06-07 | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player... |
| CVE-2017-4904 | 2017-06-07 | The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG;... |
| CVE-2017-4905 | 2017-06-07 | VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x... |
| CVE-2017-7965 | 2017-06-07 | A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. |
| CVE-2017-7966 | 2017-06-07 | A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due... |
| CVE-2017-9355 | 2017-06-07 | XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. |
| CVE-2015-5175 | 2017-06-07 | Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. |
| CVE-2015-5232 | 2017-06-07 | Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. |
| CVE-2015-6240 | 2017-06-07 | The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. |
| CVE-2015-6540 | 2017-06-07 | Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. |
| CVE-2015-6959 | 2017-06-07 | Cross-site scripting (XSS) vulnerability in Vindula 1.9. |
| CVE-2015-8235 | 2017-06-07 | Directory traversal vulnerability in Spiffy before 5.4. |
| CVE-2015-8538 | 2017-06-07 | dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). |
| CVE-2016-4973 | 2017-06-07 | Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the... |
| CVE-2014-9310 | 2017-06-07 | Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. |
| CVE-2015-3295 | 2017-06-07 | markdown-it before 4.1.0 does not block data: URLs. |
| CVE-2015-7346 | 2017-06-07 | SQL injection vulnerability in ZCMS 1.1. |
| CVE-2017-7180 | 2017-06-08 | Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have... |
| CVE-2017-4901 | 2017-06-08 | The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute... |
| CVE-2017-4907 | 2017-06-08 | VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a... |
| CVE-2017-4908 | 2017-06-08 | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow... |
| CVE-2017-4909 | 2017-06-08 | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this... |