CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2017

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2017-9985 125 DoS 2017-06-28 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
52 CVE-2017-9984 125 DoS 2017-06-28 2018-08-24
7.2
None Local Low Not required Complete Complete Complete
The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
53 CVE-2017-9982 20 DoS 2017-06-27 2017-07-03
5.0
None Remote Low Not required None None Partial
TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character.
54 CVE-2017-9955 125 DoS 2017-06-26 2019-10-03
4.3
None Remote Medium Not required None None Partial
The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.
55 CVE-2017-9954 125 DoS 2017-06-26 2019-10-03
4.3
None Remote Medium Not required None None Partial
The getvalue function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted tekhex file, as demonstrated by mishandling within the nm program.
56 CVE-2017-9953 416 DoS 2017-06-26 2017-06-30
5.0
None Remote Low Not required None None Partial
There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.
57 CVE-2017-9949 787 DoS 2017-06-26 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (stack-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02.
58 CVE-2017-9948 119 Overflow 2017-06-26 2017-07-05
6.5
None Remote Low ??? Partial Partial Partial
A stack buffer overflow vulnerability has been discovered in Microsoft Skype 7.2, 7.35, and 7.36 before 7.37, involving MSFTEDIT.DLL mishandling of remote RDP clipboard content within the message box.
59 CVE-2017-9937 119 DoS Overflow 2017-06-26 2021-02-25
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
60 CVE-2017-9936 772 DoS 2017-06-26 2019-10-03
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.
61 CVE-2017-9935 125 Exec Code Overflow Mem. Corr. 2017-06-26 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.
62 CVE-2017-9929 119 DoS Overflow 2017-06-26 2021-08-02
4.3
None Remote Medium Not required None None Partial
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.
63 CVE-2017-9928 119 DoS Overflow 2017-06-26 2021-08-02
4.3
None Remote Medium Not required None None Partial
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.
64 CVE-2017-9872 119 DoS Overflow 2017-06-25 2017-08-12
6.8
None Remote Medium Not required Partial Partial Partial
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
65 CVE-2017-9871 119 DoS Overflow 2017-06-25 2017-06-29
6.8
None Remote Medium Not required Partial Partial Partial
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
66 CVE-2017-9870 125 DoS 2017-06-25 2019-10-03
4.3
None Remote Medium Not required None None Partial
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126.
67 CVE-2017-9869 125 DoS 2017-06-25 2019-10-03
4.3
None Remote Medium Not required None None Partial
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
68 CVE-2017-9868 200 +Info 2017-06-25 2019-03-12
2.1
None Local Low Not required Partial None None
In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is world readable, which allows local users to obtain sensitive MQTT topic information.
69 CVE-2017-9865 125 DoS 2017-06-25 2019-10-03
4.3
None Remote Medium Not required None None Partial
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.
70 CVE-2017-9848 89 Exec Code Sql 2017-06-24 2017-07-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element.
71 CVE-2017-9847 125 DoS 2017-06-24 2019-10-03
4.3
None Remote Medium Not required None None Partial
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
72 CVE-2017-9846 22 Exec Code Dir. Trav. 2017-06-24 2020-06-11
6.5
None Remote Low ??? Partial Partial Partial
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder.
73 CVE-2017-9841 94 Exec Code 2017-06-27 2021-10-20
7.5
None Remote Low Not required Partial Partial Partial
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
74 CVE-2017-9840 434 Exec Code 2017-06-25 2017-06-30
6.5
None Remote Low ??? Partial Partial Partial
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
75 CVE-2017-9837 613 2017-06-24 2017-06-27
7.5
None Remote Low Not required Partial Partial Partial
The ws_session_logout function in Piwigo 2.9.1 and earlier does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
76 CVE-2017-9836 79 XSS 2017-06-24 2017-06-27
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).
77 CVE-2017-9833 22 Dir. Trav. 2017-06-24 2019-04-18
7.8
None Remote Low Not required Complete None None
/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges.
78 CVE-2017-9832 190 DoS Exec Code Overflow 2017-06-24 2020-04-05
4.6
None Local Low Not required Partial Partial Partial
An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.
79 CVE-2017-9831 190 DoS Exec Code Overflow 2017-06-24 2020-04-05
4.6
None Local Low Not required Partial Partial Partial
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.
80 CVE-2017-9830 502 Exec Code 2017-06-27 2017-07-05
7.5
None Remote Low Not required Partial Partial Partial
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
81 CVE-2017-9829 22 Dir. Trav. 2017-06-23 2017-07-05
5.0
None Remote Low Not required Partial None None
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected.
82 CVE-2017-9828 78 Exec Code 2017-06-23 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter.
83 CVE-2017-9815 772 DoS 2017-06-22 2019-10-03
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.
84 CVE-2017-9807 94 Exec Code 2017-06-22 2017-10-13
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig.
85 CVE-2017-9782 125 DoS 2017-06-21 2020-09-25
4.3
None Remote Medium Not required None None Partial
JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.
86 CVE-2017-9781 79 XSS 2017-06-21 2019-04-22
4.3
None Remote Medium Not required None Partial None
A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.
87 CVE-2017-9780 732 2017-06-21 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
88 CVE-2017-9778 20 2017-06-21 2019-10-03
4.3
None Remote Medium Not required None None Partial
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
89 CVE-2017-9776 190 DoS Overflow 2017-06-22 2019-03-12
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
90 CVE-2017-9775 119 DoS Overflow 2017-06-22 2019-03-12
4.3
None Remote Medium Not required None None Partial
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
91 CVE-2017-9774 94 Exec Code 2017-06-21 2018-08-18
6.5
None Remote Low ??? Partial Partial Partial
Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication.
92 CVE-2017-9773 20 DoS 2017-06-21 2018-08-18
4.3
None Remote Medium Not required None None Partial
Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.
93 CVE-2017-9772 Exec Code 2017-06-23 2019-10-03
10.0
None Remote Low Not required Complete Complete Complete
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.
94 CVE-2017-9771 94 Exec Code 2017-06-21 2017-11-07
7.5
None Remote Low Not required Partial Partial Partial
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
95 CVE-2017-9766 674 DoS 2017-06-21 2019-10-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
96 CVE-2017-9763 119 DoS Overflow 2017-06-19 2017-07-05
5.0
None Remote Low Not required None None Partial
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
97 CVE-2017-9762 416 DoS 2017-06-19 2017-06-27
4.3
None Remote Medium Not required None None Partial
The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.
98 CVE-2017-9761 119 DoS Overflow 2017-06-19 2017-06-27
4.3
None Remote Medium Not required None None Partial
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
99 CVE-2017-9759 89 Sql 2017-06-19 2017-06-22
6.5
None Remote Low ??? Partial Partial Partial
SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account.
100 CVE-2017-9757 78 CSRF 2017-06-19 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
Total number of vulnerabilities: 1037 (this is page 2 of 21)