Lista CVE - 2017 / Luglio
Visualizzazione 501 - 600 di 1268 CVE per Luglio 2017 (Pagina 6 di 13)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2017-4054 | 2017-07-12 | Command Injection vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to execute a command of their choice via a... |
| CVE-2017-4055 | 2017-07-12 | Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD detection via... |
| CVE-2017-4057 | 2017-07-12 | Privilege Escalation vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote authenticated users to gain elevated privileges via the GUI or GUI... |
| CVE-2017-11189 | 2017-07-12 | unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library... |
| CVE-2017-11190 | 2017-07-12 | unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other... |
| CVE-2017-9843 | 2017-07-12 | SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with certain privileges to cause a denial of service (process crash) via vectors involving disp+work.exe, aka SAP Security Note 2406841. |
| CVE-2017-9845 | 2017-07-12 | disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. |
| CVE-2017-9977 | 2017-07-12 | AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. |
| CVE-2017-9844 | 2017-07-12 | SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP... |
| CVE-2016-6114 | 2017-07-12 | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2016-8946 | 2017-07-12 | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2016-8947 | 2017-07-12 | IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site,... |
| CVE-2016-8948 | 2017-07-12 | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2016-8950 | 2017-07-12 | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2016-8953 | 2017-07-12 | IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site,... |
| CVE-2017-1285 | 2017-07-12 | IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state... |
| CVE-2017-1321 | 2017-07-12 | IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2017-2814 | 2017-07-12 | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in... |
| CVE-2017-2818 | 2017-07-12 | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering,... |
| CVE-2017-2820 | 2017-07-12 | An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out... |
| CVE-2017-2863 | 2017-07-12 | An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can... |
| CVE-2017-11193 | 2017-07-12 | Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These... |
| CVE-2017-11194 | 2017-07-12 | Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing... |
| CVE-2017-11195 | 2017-07-12 | Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags,... |
| CVE-2017-11196 | 2017-07-12 | Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user... |
| CVE-2017-11174 | 2017-07-12 | In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of... |
| CVE-2017-11198 | 2017-07-13 | Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter. |
| CVE-2017-11200 | 2017-07-13 | SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. |
| CVE-2017-11201 | 2017-07-13 | application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action. |
| CVE-2017-11202 | 2017-07-13 | FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180. |
| CVE-2017-11173 | 2017-07-13 | Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain... |
| CVE-2017-11103 | 2017-07-13 | Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket()... |
| CVE-2017-7529 | 2017-07-13 | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially... |
| CVE-2016-6019 | 2017-07-13 | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2016-8951 | 2017-07-13 | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log... |
| CVE-2016-8952 | 2017-07-13 | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2016-8964 | 2017-07-13 | IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. |
| CVE-2017-1308 | 2017-07-13 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated attacker to download files they should not have access to due to improper access controls. IBM... |
| CVE-2017-7672 | 2017-07-13 | If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload... |
| CVE-2017-9787 | 2017-07-13 | When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33. |
| CVE-2017-6249 | 2017-07-13 | An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated... |
| CVE-2017-9788 | 2017-07-13 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by... |
| CVE-2017-9789 | 2017-07-13 | When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. |
| CVE-2017-11310 | 2017-07-13 | The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files. |
| CVE-2017-1000001 | 2017-07-13 | FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. |
| CVE-2017-1000002 | 2017-07-13 | ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are... |
| CVE-2017-1000003 | 2017-07-13 | ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable... |
| CVE-2017-1000004 | 2017-07-13 | ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment,... |
| CVE-2017-1000005 | 2017-07-13 | PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). |
| CVE-2017-1000006 | 2017-07-13 | Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue. |
| CVE-2017-1000007 | 2017-07-13 | txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. |
| CVE-2017-1000008 | 2017-07-13 | Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their... |
| CVE-2017-1000009 | 2017-07-13 | Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution. |
| CVE-2017-1000010 | 2017-07-13 | Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution. |
| CVE-2017-1000011 | 2017-07-13 | MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information |
| CVE-2017-1000012 | 2017-07-13 | MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user |
| CVE-2017-1000013 | 2017-07-13 | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness |
| CVE-2017-1000014 | 2017-07-13 | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality |
| CVE-2017-1000015 | 2017-07-13 | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters |
| CVE-2017-1000016 | 2017-07-13 | A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. |
| CVE-2017-1000017 | 2017-07-13 | phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server |
| CVE-2017-1000018 | 2017-07-13 | phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name |
| CVE-2017-1000020 | 2017-07-13 | SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices,... |
| CVE-2017-1000021 | 2017-07-13 | LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. |
| CVE-2017-1000022 | 2017-07-13 | LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. |
| CVE-2017-1000023 | 2017-07-13 | LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. |
| CVE-2017-1000024 | 2017-07-13 | Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission |
| CVE-2017-1000025 | 2017-07-13 | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote... |
| CVE-2017-1000026 | 2017-07-13 | Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries |
| CVE-2017-1000027 | 2017-07-13 | Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. |
| CVE-2017-1000028 | 2017-07-13 | Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. |
| CVE-2017-1000029 | 2017-07-13 | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can... |
| CVE-2017-1000030 | 2017-07-13 | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password... |
| CVE-2017-1000031 | 2017-07-13 | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. |
| CVE-2017-1000032 | 2017-07-13 | Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php. |
| CVE-2017-1000033 | 2017-07-13 | Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current... |
| CVE-2017-1000034 | 2017-07-13 | Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. |
| CVE-2017-1000035 | 2017-07-13 | Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack |
| CVE-2017-1000037 | 2017-07-13 | RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes... |
| CVE-2017-1000038 | 2017-07-13 | WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site |
| CVE-2017-1000039 | 2017-07-13 | Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution |
| CVE-2017-1000042 | 2017-07-13 | Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. |
| CVE-2017-1000043 | 2017-07-13 | Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control |
| CVE-2017-1000044 | 2017-07-13 | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering |
| CVE-2017-1000046 | 2017-07-13 | Mautic 2.6.1 and earlier fails to set flags on session cookies |
| CVE-2017-1000047 | 2017-07-13 | rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution |
| CVE-2017-1000048 | 2017-07-13 | the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the... |
| CVE-2017-1000050 | 2017-07-13 | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a... |
| CVE-2017-1000051 | 2017-07-13 | Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content |
| CVE-2017-1000052 | 2017-07-13 | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. |
| CVE-2017-1000053 | 2017-07-13 | Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. |
| CVE-2017-1000054 | 2017-07-13 | Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages. |
| CVE-2017-1000056 | 2017-07-13 | Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object. |
| CVE-2017-1000058 | 2017-07-13 | Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one in the user profile and one in the Exif data parser. |
| CVE-2017-1000059 | 2017-07-13 | Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session... |
| CVE-2017-1000060 | 2017-07-13 | EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root |
| CVE-2017-1000061 | 2017-07-13 | xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service |
| CVE-2017-1000062 | 2017-07-13 | kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution |
| CVE-2017-1000063 | 2017-07-13 | kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure |
| CVE-2017-1000064 | 2017-07-13 | kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS |