CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2016-7807 284 Bypass 2017-06-09 2017-06-15
5.0
None Remote Low Not required Partial None None
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
852 CVE-2016-7806 78 Exec Code 2017-06-09 2017-06-15
10.0
None Remote Low Not required Complete Complete Complete
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
853 CVE-2016-7805 295 +Info 2017-06-09 2017-06-16
4.3
None Remote Medium Not required Partial None None
The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
854 CVE-2016-7803 89 Exec Code Sql 2017-06-09 2017-06-13
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
855 CVE-2016-7802 22 Dir. Trav. 2017-06-09 2017-06-13
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
856 CVE-2016-7801 284 Bypass 2017-06-09 2017-06-13
4.0
None Remote Low ??? None Partial None
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
857 CVE-2016-7508 89 Exec Code Sql 2017-06-21 2017-08-12
6.0
None Remote Medium ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
858 CVE-2016-7469 79 XSS 2017-06-09 2019-06-06
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.
859 CVE-2016-7062 255 2017-06-27 2017-07-05
2.1
None Local Low Not required Partial None None
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
860 CVE-2016-7050 502 Exec Code 2017-06-08 2017-06-16
7.5
None Remote Low Not required Partial Partial Partial
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.
861 CVE-2016-6655 77 Exec Code Sql 2017-06-13 2017-11-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. A command injection vulnerability was discovered in a common script used by many Cloud Foundry components. A malicious user may exploit numerous vectors to execute arbitrary commands on servers running Cloud Foundry.
862 CVE-2016-6594 254 Bypass 2017-06-08 2017-06-24
5.0
None Remote Low Not required None Partial None
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
863 CVE-2016-6342 284 2017-06-27 2020-05-28
5.0
None Remote Low Not required None Partial None
elog 3.1.1 allows remote attackers to post data as any username in the logbook.
864 CVE-2016-6098 284 2017-06-08 2017-06-13
5.5
None Remote Low ??? Partial Partial None
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
865 CVE-2016-6093 255 2017-06-08 2017-06-13
5.0
None Remote Low Not required Partial None None
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
866 CVE-2016-6089 284 2017-06-07 2017-06-12
3.6
None Local Low Not required None Partial Partial
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.
867 CVE-2016-6087 20 2017-06-07 2019-10-16
5.0
None Remote Low Not required Partial None None
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.
868 CVE-2016-6083 200 +Info 2017-06-27 2017-07-05
5.0
None Remote Low Not required Partial None None
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.
869 CVE-2016-5960 200 +Info 2017-06-07 2017-06-13
2.1
None Local Low Not required Partial None None
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171.
870 CVE-2016-5959 200 +Info 2017-06-07 2017-06-13
5.0
None Remote Low Not required Partial None None
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 116136.
871 CVE-2016-5893 200 +Info 2017-06-23 2017-06-27
2.1
None Local Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
872 CVE-2016-5648 295 2017-06-08 2018-10-09
4.3
None Remote Medium Not required Partial None None
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
873 CVE-2016-5416 200 +Info 2017-06-08 2019-04-16
5.0
None Remote Low Not required Partial None None
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.
874 CVE-2016-5414 284 2017-06-27 2017-07-05
5.0
None Remote Low Not required None Partial None
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services.
875 CVE-2016-5411 255 2017-06-13 2017-07-05
10.0
None Remote Low Not required Complete Complete Complete
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.
876 CVE-2016-5405 199 2017-06-08 2017-06-16
5.0
None Remote Low Not required Partial None None
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
877 CVE-2016-5391 476 DoS 2017-06-13 2017-06-21
5.0
None Remote Low Not required None None Partial
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
878 CVE-2016-5004 400 DoS 2017-06-06 2017-06-16
4.3
None Remote Medium Not required None None Partial
The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.
879 CVE-2016-4992 200 +Info 2017-06-08 2017-06-16
5.0
None Remote Low Not required Partial None None
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.
880 CVE-2016-4973 119 Overflow 2017-06-07 2017-06-15
4.6
None Local Low Not required Partial Partial Partial
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
881 CVE-2016-4910 284 Bypass 2017-06-09 2017-06-13
4.0
None Remote Low ??? None Partial None
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
882 CVE-2016-4909 352 CSRF 2017-06-09 2017-06-13
4.3
None Remote Medium Not required None None Partial
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
883 CVE-2016-4908 284 Bypass 2017-06-09 2017-06-13
4.0
None Remote Low ??? None Partial None
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
884 CVE-2016-4907 352 CSRF 2017-06-09 2017-06-13
6.8
None Remote Medium Not required Partial Partial Partial
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
885 CVE-2016-4906 79 XSS 2017-06-09 2017-06-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
886 CVE-2016-4902 426 +Priv 2017-06-09 2017-06-22
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
887 CVE-2016-4473 416 Exec Code 2017-06-08 2017-06-16
7.5
None Remote Low Not required Partial Partial Partial
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
888 CVE-2016-4471 264 Exec Code 2017-06-08 2017-06-15
6.5
None Remote Low ??? Partial Partial Partial
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
889 CVE-2016-4457 310 2017-06-08 2018-01-05
5.0
None Remote Low Not required Partial None None
CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.
890 CVE-2016-4383 284 2017-06-27 2017-07-06
8.5
None Remote Medium ??? Complete Complete Complete
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
891 CVE-2016-3704 255 2017-06-13 2018-02-23
5.0
None Remote Low Not required None Partial None
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
892 CVE-2016-3696 200 +Info 2017-06-13 2018-02-23
2.1
None Local Low Not required Partial None None
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
893 CVE-2016-3690 502 Exec Code 2017-06-08 2017-06-21
7.5
None Remote Low Not required Partial Partial Partial
The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote attackers to execute arbitrary code via a crafted serialized payload.
894 CVE-2016-3112 284 2017-06-08 2018-01-05
5.0
None Remote Low Not required Partial None None
client/consumer/cli.py in Pulp before 2.8.3 writes consumer private keys to etc/pki/pulp/consumer/consumer-cert.pem as world-readable, which allows remote authenticated users to obtain the consumer private keys and escalate privileges by reading /etc/pki/pulp/consumer/consumer-cert, and authenticating as a consumer user.
895 CVE-2016-3111 200 +Info 2017-06-08 2018-01-05
2.1
None Local Low Not required Partial None None
pulp.spec in the installation process for Pulp 2.8.3 generates the RSA key pairs used to validate messages between the pulp server and pulp consumers in a directory that is world-readable before later modifying the permissions, which might allow local users to read the generated RSA keys via reading the key files while the installation process is running.
896 CVE-2016-3108 59 2017-06-08 2018-01-05
3.6
None Local Low Not required Partial Partial None
The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.
897 CVE-2016-3107 284 2017-06-08 2018-01-05
2.1
None Local Low Not required Partial None None
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
898 CVE-2016-3099 327 2017-06-08 2017-06-16
5.0
None Remote Low Not required None Partial None
mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.
899 CVE-2016-3095 200 +Info 2017-06-08 2017-06-15
2.1
None Local Low Not required Partial None None
server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local users to read the generated private key.
900 CVE-2016-3091 19 DoS 2017-06-08 2017-06-15
5.0
None Remote Low Not required None None Partial
Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.
Total number of vulnerabilities : 1037   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.