CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2017

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2016-3077 119 DoS Overflow 2017-06-06 2019-11-06
4.0
None Remote Low ??? None None Partial
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
902 CVE-2016-3066 200 +Info 2017-06-06 2019-06-17
4.0
None Remote Low ??? Partial None None
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
903 CVE-2016-3051 264 2017-06-07 2020-10-27
4.0
None Remote Low ??? None Partial None
IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.
904 CVE-2016-3019 326 2017-06-07 2020-10-27
4.0
None Remote Low ??? Partial None None
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462.
905 CVE-2016-2192 269 2017-06-06 2021-09-09
4.0
None Remote Low ??? None Partial None
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.
906 CVE-2016-2034 89 Sql 2017-06-08 2017-06-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0.
907 CVE-2016-0959 416 2017-06-27 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.
908 CVE-2016-0768 284 2017-06-06 2017-06-13
5.0
None Remote Low Not required Partial None None
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
909 CVE-2016-0767 269 2017-06-06 2021-09-09
4.0
None Remote Low ??? None Partial None
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.
910 CVE-2016-0726 798 2017-06-06 2017-06-22
7.5
None Remote Low Not required Partial Partial Partial
The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.
911 CVE-2016-0254 611 DoS 2017-06-07 2017-06-14
6.8
None Remote Low ??? None None Complete
IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote authenticated attacker could exploit this vulnerability to consume all available CPU resources and cause a denial of service. IBM X-Force ID: 110563.
912 CVE-2015-9105 79 XSS 2017-06-30 2019-10-09
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos.
913 CVE-2015-9104 79 XSS 2017-06-30 2019-10-09
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allow remote authenticated attackers to inject arbitrary web script or HTML via the album title.
914 CVE-2015-9103 79 XSS 2017-06-30 2019-10-09
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments.
915 CVE-2015-9102 79 XSS 2017-06-30 2019-10-09
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
916 CVE-2015-9101 119 DoS Overflow 2017-06-25 2021-03-26
4.3
None Remote Medium Not required None None Partial
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
917 CVE-2015-9100 476 DoS 2017-06-25 2017-06-28
4.3
None Remote Medium Not required None None Partial
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
918 CVE-2015-9099 125 DoS 2017-06-25 2017-06-28
4.3
None Remote Medium Not required None None Partial
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.
919 CVE-2015-9098 89 Exec Code +Priv Sql 2017-06-22 2020-08-04
10.0
None Remote Low Not required Complete Complete Complete
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
920 CVE-2015-9097 93 2017-06-12 2017-07-05
4.3
None Remote Medium Not required None Partial None
The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
921 CVE-2015-9096 93 2017-06-12 2018-07-15
4.3
None Remote Medium Not required None Partial None
Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.
922 CVE-2015-9056 79 XSS 2017-06-16 2020-08-14
4.3
None Remote Medium Not required None Partial None
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack.
923 CVE-2015-9033 20 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.
924 CVE-2015-9032 200 +Info 2017-06-13 2017-07-08
4.3
None Remote Medium Not required Partial None None
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.
925 CVE-2015-9031 200 +Info 2017-06-13 2017-07-08
4.3
None Remote Medium Not required Partial None None
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.
926 CVE-2015-9030 306 Bypass 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
927 CVE-2015-9029 284 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
928 CVE-2015-9028 119 Overflow 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine.
929 CVE-2015-9027 476 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
930 CVE-2015-9026 476 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
931 CVE-2015-9025 119 Overflow 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application.
932 CVE-2015-9024 284 2017-06-13 2017-07-08
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.
933 CVE-2015-9023 119 Overflow 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
934 CVE-2015-9022 362 2017-06-13 2017-07-08
7.6
None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs.
935 CVE-2015-9021 284 2017-06-13 2017-07-08
4.3
None Remote Medium Not required None None Partial
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.
936 CVE-2015-9020 476 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.
937 CVE-2015-9007 415 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
938 CVE-2015-9006 284 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
939 CVE-2015-9005 190 Overflow 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
940 CVE-2015-8697 284 2017-06-27 2017-07-03
2.1
None Local Low Not required None Partial None
stalin 0.11-5 allows local users to write to arbitrary files.
941 CVE-2015-8538 20 DoS 2017-06-07 2017-06-14
4.3
None Remote Medium Not required None None Partial
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
942 CVE-2015-8326 59 2017-06-07 2017-06-14
3.6
None Local Low Not required None Partial Partial
The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.
943 CVE-2015-8235 22 Dir. Trav. 2017-06-07 2018-05-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Spiffy before 5.4.
944 CVE-2015-7898 284 DoS 2017-06-27 2017-07-03
2.1
None Local Low Not required None None Partial
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
945 CVE-2015-7895 284 DoS 2017-06-27 2017-07-03
2.1
None Local Low Not required None None Partial
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
946 CVE-2015-7888 22 Dir. Trav. 2017-06-07 2017-06-14
7.8
None Remote Low Not required None Complete None
Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
947 CVE-2015-7781 275 2017-06-27 2017-06-30
5.0
None Remote Low Not required Partial None None
ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.
948 CVE-2015-7780 22 Dir. Trav. 2017-06-27 2017-06-30
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.
949 CVE-2015-7732 200 +Info 2017-06-15 2017-06-28
5.0
None Remote Low Not required Partial None None
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
950 CVE-2015-7724 59 +Priv 2017-06-07 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723.
Total number of vulnerabilities: 1037. Page 19 of 21.