
Security Vulnerabilities Published In June 2017

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
951 CVE-2015-7723 59 +Priv 2017-06-07 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack.
952 CVE-2015-7582 200 +Info 2017-06-27 2017-07-05
3.5
None Remote Medium Single system Partial None None
Satellite 6.1.0 allows remote authenticated users to read administrator bookmarks.
953 CVE-2015-7514 200 +Info 2017-06-07 2017-06-14
4.0
None Remote Low ??? Partial None None
OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.
954 CVE-2015-7346 89 Sql 2017-06-07 2017-06-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ZCMS 1.1.
955 CVE-2015-7326 611 2017-06-07 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3.
956 CVE-2015-6959 79 XSS 2017-06-07 2017-06-14
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Vindula 1.9.
957 CVE-2015-6540 79 XSS 2017-06-07 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.
958 CVE-2015-6531 94 Exec Code 2017-06-01 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.
959 CVE-2015-6240 59 2017-06-07 2019-09-16
7.2
None Local Low Not required Complete Complete Complete
The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
960 CVE-2015-5473 22 Exec Code Dir. Trav. 2017-06-01 2017-06-12
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
961 CVE-2015-5378 200 +Info 2017-06-27 2019-06-17
5.0
None Remote Low Not required Partial None None
Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
962 CVE-2015-5232 362 2017-06-07 2021-06-04
9.3
None Remote Medium Not required Complete Complete Complete
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
963 CVE-2015-5202 264 2017-06-07 2017-06-15
6.5
None Remote Low ??? Partial Partial Partial
Red Hat Satellite 6 allows remote authenticated users with privileged access on a content host to authenticate to the capsule broker or server broker.
964 CVE-2015-5180 476 DoS 2017-06-27 2018-04-12
5.0
None Remote Low Not required None None Partial
res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
965 CVE-2015-5175 20 DoS 2017-06-07 2021-06-16
5.0
None Remote Low Not required None None Partial
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.
966 CVE-2015-4596 264 2017-06-13 2017-06-28
4.6
None Local Low Not required Partial Partial Partial
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
967 CVE-2015-3913 20 DoS 2017-06-08 2017-06-22
7.8
None Remote Low Not required None None Complete
The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.
968 CVE-2015-3840 284 2017-06-27 2017-07-05
2.1
None Local Low Not required None Partial None
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.
969 CVE-2015-3830 20 2017-06-06 2017-06-09
4.3
None Remote Medium Not required None Partial None
The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.
970 CVE-2015-3634 200 +Info 2017-06-08 2017-06-15
5.0
None Remote Low Not required Partial None None
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for WordPress allows remote attackers to read arbitrary WordPress option values.
971 CVE-2015-3315 59 2017-06-26 2018-02-19
7.2
None Local Low Not required Complete Complete Complete
Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.
972 CVE-2015-3295 284 2017-06-07 2017-06-14
5.0
None Remote Low Not required None Partial None
markdown-it before 4.1.0 does not block data: URLs.
973 CVE-2015-3254 20 DoS 2017-06-16 2018-01-05
4.0
None Remote Low ??? None None Partial
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
974 CVE-2015-3220 119 DoS Overflow 2017-06-13 2018-08-13
5.0
None Remote Low Not required None None Partial
The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash).
975 CVE-2015-3215 20 DoS 2017-06-26 2017-07-03
5.0
None Remote Low Not required None None Partial
The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) via a crafted length value in an IP packet, as demonstrated by a value that does not account for the size of the IP options.
976 CVE-2015-3142 200 +Info 2017-06-26 2018-01-05
1.9
None Local Medium Not required Partial None None
The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.
977 CVE-2015-2800 287 DoS 2017-06-08 2017-06-20
7.8
None Remote Low Not required None None Complete
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.
978 CVE-2015-2692 284 2017-06-08 2017-06-20
6.4
None Remote Low Not required None Partial Partial
AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.
979 CVE-2015-2255 19 DoS 2017-06-08 2017-06-16
4.3
None Remote Medium Not required None None Partial
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
980 CVE-2015-2253 200 +Info 2017-06-08 2017-06-20
3.5
None Remote Medium ??? Partial None None
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
981 CVE-2015-2252 94 Exec Code 2017-06-08 2017-06-20
9.3
None Remote Medium Not required Complete Complete Complete
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
982 CVE-2015-2251 200 +Info 2017-06-08 2017-06-20
5.0
None Remote Low Not required Partial None None
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
983 CVE-2015-2245 20 DoS 2017-06-27 2017-07-03
5.0
None Remote Low Not required None None Partial
Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash).
984 CVE-2015-1870 200 +Info 2017-06-26 2018-01-05
2.1
None Local Low Not required Partial None None
The event scripts in Automatic Bug Reporting Tool (ABRT) use world-readable permissions on a copy of the sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.
985 CVE-2015-1795 264 Exec Code +Priv 2017-06-27 2019-04-22
7.2
None Local Low Not required Complete Complete Complete
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
986 CVE-2015-1786 352 CSRF 2017-06-08 2017-06-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
987 CVE-2015-1778 287 2017-06-27 2017-07-05
7.5
None Remote Low Not required Partial Partial Partial
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
988 CVE-2015-1591 264 +Priv 2017-06-27 2017-07-05
4.6
None Local Low Not required Partial Partial Partial
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.
989 CVE-2015-1588 79 XSS 2017-06-08 2018-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
990 CVE-2015-1379 20 DoS 2017-06-08 2017-06-15
5.0
None Remote Low Not required None None Partial
The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
991 CVE-2015-1207 415 DoS Mem. Corr. 2017-06-06 2019-03-04
4.3
None Remote Medium Not required None None Partial
Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.
992 CVE-2015-0955 79 XSS 2017-06-27 2017-06-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 6.1.0.
993 CVE-2015-0936 320 2017-06-01 2021-06-17
7.5
None Remote Low Not required Partial Partial Partial
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
994 CVE-2014-9984 119 Exec Code Overflow 2017-06-12 2019-06-13
7.5
None Remote Low Not required Partial Partial Partial
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
995 CVE-2014-9983 22 Dir. Trav. 2017-06-04 2017-06-12
4.3
None Remote Medium Not required None Partial None
Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
996 CVE-2014-9967 476 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
997 CVE-2014-9966 362 2017-06-13 2017-07-08
7.6
None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists in Secure Display.
998 CVE-2014-9965 20 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.
999 CVE-2014-9964 190 Overflow 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.
1000 CVE-2014-9963 119 Overflow 2017-06-13 2017-07-08
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM.
Total number of vulnerabilities: 1037. Page 20 of 21.