CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2017-3948 79 XSS 2017-06-23 2017-07-05
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
602 CVE-2017-3750 2017-06-29 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
603 CVE-2017-3749 2017-06-29 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.
604 CVE-2017-3748 2017-06-29 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
605 CVE-2017-3747 2017-06-29 2019-10-03
2.1
None Local Low Not required None Partial None
Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.
606 CVE-2017-3745 287 +Priv 2017-06-20 2017-06-30
2.1
None Local Low Not required Partial None None
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.
607 CVE-2017-3744 532 2017-06-20 2019-10-03
4.0
None Remote Low ??? Partial None None
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
608 CVE-2017-3743 200 +Info 2017-06-20 2017-06-30
3.5
None Remote Medium ??? Partial None None
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.
609 CVE-2017-3741 2017-06-04 2019-10-03
2.1
None Local Low Not required None Partial None
In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.
610 CVE-2017-3740 DoS 2017-06-04 2019-10-03
4.9
None Local Low Not required None None Complete
In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.
611 CVE-2017-3631 119 DoS Overflow 2017-06-22 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
612 CVE-2017-3630 787 DoS 2017-06-22 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
613 CVE-2017-3629 119 Overflow 2017-06-22 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
614 CVE-2017-3219 345 2017-06-21 2019-10-09
8.3
None Local Network Low Not required Complete Complete Complete
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.
615 CVE-2017-3218 345 2017-06-21 2019-10-09
8.3
None Local Network Low Not required Complete Complete Complete
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.
616 CVE-2017-3216 306 Bypass 2017-06-20 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request.
617 CVE-2017-3215 613 2017-06-20 2019-10-09
5.0
None Remote Low Not required None Partial None
The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. This bearer token, in combination with a user_id can be used to perform user actions.
618 CVE-2017-3214 312 2017-06-20 2020-05-21
5.0
None Remote Low Not required Partial None None
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.
619 CVE-2017-3169 476 2017-06-20 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
620 CVE-2017-3167 287 Bypass 2017-06-20 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
621 CVE-2017-3127 79 Exec Code XSS 2017-06-01 2017-07-11
4.3
None Remote Medium Not required None Partial None
A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.
622 CVE-2017-3098 20 Exec Code 2017-06-20 2017-07-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
623 CVE-2017-3097 427 Exec Code 2017-06-20 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
624 CVE-2017-3096 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code execution.
625 CVE-2017-3095 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution.
626 CVE-2017-3094 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution.
627 CVE-2017-3093 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the bitmap representation module. Successful exploitation could lead to arbitrary code execution.
628 CVE-2017-3092 427 Exec Code 2017-06-20 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
629 CVE-2017-3090 427 Exec Code 2017-06-20 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
630 CVE-2017-3089 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution.
631 CVE-2017-3088 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-07-08
10.0
None Remote Low Not required Complete Complete Complete
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution.
632 CVE-2017-3087 200 +Info 2017-06-20 2017-07-08
5.0
None Remote Low Not required Partial None None
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
633 CVE-2017-3086 119 Exec Code Overflow Mem. Corr. 2017-06-20 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
634 CVE-2017-3084 416 Exec Code 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution.
635 CVE-2017-3083 416 Exec Code 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.
636 CVE-2017-3082 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution.
637 CVE-2017-3081 416 Exec Code 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution.
638 CVE-2017-3079 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.
639 CVE-2017-3078 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.
640 CVE-2017-3077 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.
641 CVE-2017-3076 119 Exec Code Overflow Mem. Corr. 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.
642 CVE-2017-3075 416 Exec Code 2017-06-20 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.
643 CVE-2017-2851 119 Overflow 2017-06-29 2017-07-05
6.0
None Remote Medium ??? Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
644 CVE-2017-2850 444 Bypass 2017-06-29 2017-07-05
6.5
None Remote Low ??? Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
645 CVE-2017-2849 78 2017-06-29 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
646 CVE-2017-2848 78 2017-06-29 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
647 CVE-2017-2847 78 2017-06-29 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
648 CVE-2017-2846 78 2017-06-29 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
649 CVE-2017-2845 78 Exec Code 2017-06-29 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution
650 CVE-2017-2844 78 Exec Code 2017-06-29 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
Total number of vulnerabilities : 1037   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.