CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2017

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
801 CVE-2016-9982 200 +Info 2017-06-22 2017-06-26
4.0
None Remote Low ??? Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274.
802 CVE-2016-9977 20 2017-06-07 2017-06-12
6.5
None Remote Low ??? Partial Partial Partial
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253.
803 CVE-2016-9973 79 XSS 2017-06-13 2017-06-26
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
804 CVE-2016-9972 264 +Info 2017-06-27 2017-06-30
4.3
None Remote Medium Not required Partial None None
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208.
805 CVE-2016-9961 189 2017-06-06 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
game-music-emu before 0.6.1 mishandles unspecified integer values.
806 CVE-2016-9960 369 DoS 2017-06-06 2018-10-30
2.1
None Local Low Not required None None Partial
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
807 CVE-2016-9834 79 XSS 2017-06-07 2017-06-14
4.3
None Remote Medium Not required None Partial None
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the "LiveConnectionDetail.jsp" application. GET parameters "applicationname" and "username" are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp.
808 CVE-2016-9747 79 XSS 2017-06-22 2017-06-28
3.5
None Remote Medium ??? None Partial None
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
809 CVE-2016-9738 254 2017-06-27 2017-06-30
5.0
None Remote Low Not required Partial None None
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.
810 CVE-2016-9736 200 +Info 2017-06-08 2017-06-13
5.0
None Remote Low Not required Partial None None
IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information.
811 CVE-2016-9710 200 +Info 2017-06-07 2017-06-14
5.0
None Remote Low Not required Partial None None
IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618.
812 CVE-2016-9698 611 DoS 2017-06-08 2017-06-14
7.5
None Remote Low ??? Partial None Complete
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999960.
813 CVE-2016-9358 798 2017-06-30 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dual Cam v139, IPM3 Single Cam v132, P520, P574, SensorX13 QC flow line, SensorX23 QC Master, SensorX23 QC Slave, Speed Batcher, T374, T377, V36, V36B, and V36C; M3210 terminal associated with the same systems as the M3000 terminal identified above; M3000 desktop software associated with the same systems as the M3000 terminal identified above; MAC4 controller associated with the same systems as the M3000 terminal identified above; SensorX23 X-ray machine; SensorX25 X-ray machine; and MWS2 weighing system. The end user does not have the ability to change system passwords.
814 CVE-2016-8987 200 +Info 2017-06-08 2017-06-12
4.0
None Remote Low ??? Partial None None
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.
815 CVE-2016-8939 200 +Info 2017-06-07 2018-01-16
2.1
None Local Low Not required Partial None None
IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) clients/agents store password information in the Windows Registry in a manner which can be compromised. IBM X-Force ID: 118790.
816 CVE-2016-8751 79 Exec Code XSS 2017-06-14 2019-03-01
3.5
None Remote Medium ??? None Partial None
Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies.
817 CVE-2016-8746 426 2017-06-14 2017-06-19
4.3
None Remote Medium Not required None Partial None
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
818 CVE-2016-8731 798 2017-06-21 2017-07-05
7.5
None Remote Low Not required Partial Partial Partial
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.
819 CVE-2016-8493 264 2017-06-26 2018-01-17
9.0
None Remote Low ??? Complete Complete Complete
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
820 CVE-2016-8231 295 2017-06-04 2017-06-09
5.0
None Remote Low Not required None Partial None
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
821 CVE-2016-8230 200 +Info 2017-06-04 2017-06-09
5.0
None Remote Low Not required Partial None None
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
822 CVE-2016-8229 352 CSRF 2017-06-04 2017-06-09
6.8
None Remote Medium Not required Partial Partial Partial
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
823 CVE-2016-8228 264 Exec Code 2017-06-04 2017-06-09
7.2
None Local Low Not required Complete Complete Complete
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
824 CVE-2016-8219 264 2017-06-13 2017-07-03
4.0
None Remote Low ??? None None Partial
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails.
825 CVE-2016-8218 20 2017-06-13 2017-11-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can allow unprivileged attackers to impersonate other users to the routing API, aka an "Unauthenticated JWT signing algorithm in routing" issue.
826 CVE-2016-7838 426 Exec Code 2017-06-09 2017-06-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
827 CVE-2016-7837 119 Exec Code Overflow 2017-06-09 2020-04-03
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
828 CVE-2016-7836 287 Exec Code 2017-06-09 2017-06-16
10.0
None Remote Low Not required Complete Complete Complete
SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program.
829 CVE-2016-7835 416 +Info 2017-06-09 2021-04-19
6.4
None Remote Low Not required Partial None Partial
Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information.
830 CVE-2016-7833 284 Bypass 2017-06-09 2017-06-14
6.4
None Remote Low Not required None Partial Partial
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
831 CVE-2016-7832 200 Bypass +Info 2017-06-09 2017-06-14
5.0
None Remote Low Not required Partial None None
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
832 CVE-2016-7831 601 2017-06-09 2017-06-16
5.8
None Remote Medium Not required Partial Partial None
Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage.
833 CVE-2016-7830 306 Bypass 2017-06-09 2017-06-22
5.8
None Local Network Low Not required Partial Partial Partial
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
834 CVE-2016-7826 22 Dir. Trav. 2017-06-09 2017-06-14
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
835 CVE-2016-7825 22 Dir. Trav. 2017-06-09 2017-06-15
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
836 CVE-2016-7824 284 Bypass 2017-06-09 2017-06-15
6.5
None Remote Low ??? Partial Partial Partial
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
837 CVE-2016-7823 79 XSS 2017-06-09 2017-06-15
2.3
None Local Network Medium ??? None Partial None
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
838 CVE-2016-7822 352 CSRF 2017-06-09 2017-06-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.
839 CVE-2016-7821 20 DoS 2017-06-09 2017-06-15
4.3
None Remote Medium Not required None None Partial
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
840 CVE-2016-7820 119 Exec Code Overflow 2017-06-09 2017-06-16
9.0
None Remote Low ??? Complete Complete Complete
Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors.
841 CVE-2016-7819 78 Exec Code 2017-06-09 2017-06-16
9.0
None Remote Low ??? Complete Complete Complete
I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
842 CVE-2016-7818 264 +Priv 2017-06-09 2017-06-22
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
843 CVE-2016-7817 79 XSS 2017-06-09 2017-06-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
844 CVE-2016-7816 295 +Info 2017-06-09 2017-06-21
4.3
None Remote Medium Not required Partial None None
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
845 CVE-2016-7814 200 +Info 2017-06-09 2017-06-16
5.0
None Remote Low Not required Partial None None
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors.
846 CVE-2016-7813 79 XSS 2017-06-09 2017-06-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username.
847 CVE-2016-7811 284 Bypass 2017-06-09 2017-06-16
5.8
None Local Network Low Not required Partial Partial Partial
Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
848 CVE-2016-7810 79 XSS 2017-06-09 2017-06-16
3.5
None Remote Medium ??? None Partial None
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
849 CVE-2016-7809 352 CSRF 2017-06-09 2017-06-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.
850 CVE-2016-7808 79 XSS 2017-06-09 2017-06-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities: 1037. Page 17 of 21.