CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2017-9408 772 DoS 2017-06-02 2019-10-03
4.3
None Remote Medium Not required None None Partial
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
252 CVE-2017-9407 772 DoS 2017-06-02 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
253 CVE-2017-9406 772 DoS 2017-06-02 2019-10-03
4.3
None Remote Medium Not required None None Partial
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
254 CVE-2017-9405 772 DoS 2017-06-02 2019-10-03
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
255 CVE-2017-9404 772 DoS 2017-06-02 2019-10-03
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function OJPEGReadHeaderInfoSecTablesQTable in tif_ojpeg.c, which allows attackers to cause a denial of service via a crafted file.
256 CVE-2017-9403 772 DoS 2017-06-02 2019-10-03
4.3
None Remote Medium Not required None None Partial
In LibTIFF 4.0.7, a memory leak vulnerability was found in the function TIFFReadDirEntryLong8Array in tif_dirread.c, which allows attackers to cause a denial of service via a crafted file.
257 CVE-2017-9380 434 Exec Code 2017-06-02 2021-06-11
6.5
None Remote Low ??? Partial Partial Partial
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
258 CVE-2017-9379 352 CSRF 2017-06-02 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
259 CVE-2017-9378 863 2017-06-02 2019-10-03
4.0
None Remote Low ??? None Partial None
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a user is deleted.
260 CVE-2017-9375 835 DoS 2017-06-16 2020-11-10
1.9
None Local Medium Not required None None Partial
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
261 CVE-2017-9374 401 DoS 2017-06-16 2020-11-10
2.1
None Local Low Not required None None Partial
Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device.
262 CVE-2017-9373 401 DoS 2017-06-16 2020-11-10
1.9
None Local Medium Not required None None Partial
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device.
263 CVE-2017-9372 119 DoS Overflow 2017-06-02 2017-11-05
5.0
None Remote Low Not required None None Partial
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
264 CVE-2017-9366 79 XSS 2017-06-02 2020-12-03
3.5
None Remote Medium ??? None Partial None
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter.
265 CVE-2017-9365 352 CSRF 2017-06-02 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
266 CVE-2017-9364 434 Exec Code Bypass 2017-06-02 2017-06-06
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
267 CVE-2017-9363 502 Exec Code 2017-06-02 2017-06-09
7.5
None Remote Low Not required Partial Partial Partial
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.
268 CVE-2017-9361 79 XSS 2017-06-02 2017-06-06
4.3
None Remote Medium Not required None Partial None
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
269 CVE-2017-9360 89 Sql 2017-06-02 2017-06-06
7.5
None Remote Low Not required Partial Partial Partial
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
270 CVE-2017-9359 125 DoS 2017-06-02 2017-11-05
5.0
None Remote Low Not required None None Partial
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
271 CVE-2017-9358 835 2017-06-02 2019-10-03
5.0
None Remote Low Not required None None Partial
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
272 CVE-2017-9356 79 XSS 2017-06-23 2017-07-03
4.3
None Remote Medium Not required None Partial None
Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
273 CVE-2017-9355 918 2017-06-07 2017-08-13
4.3
None Remote Medium Not required None Partial None
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
274 CVE-2017-9354 20 2017-06-02 2019-03-20
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
275 CVE-2017-9353 20 2017-06-02 2019-03-20
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
276 CVE-2017-9352 835 2017-06-02 2019-10-03
7.8
None Remote Low Not required None None Complete
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
277 CVE-2017-9351 119 Overflow 2017-06-02 2019-03-20
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
278 CVE-2017-9350 20 2017-06-02 2019-10-03
7.8
None Remote Low Not required None None Complete
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
279 CVE-2017-9349 835 2017-06-02 2019-10-03
7.8
None Remote Low Not required None None Complete
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.
280 CVE-2017-9348 119 Overflow 2017-06-02 2019-03-20
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
281 CVE-2017-9347 476 2017-06-02 2019-03-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
282 CVE-2017-9346 835 2017-06-02 2019-10-03
7.8
None Remote Low Not required None None Complete
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
283 CVE-2017-9345 835 2017-06-02 2019-10-03
7.8
None Remote Low Not required None None Complete
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
284 CVE-2017-9344 369 2017-06-02 2019-03-27
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
285 CVE-2017-9343 476 2017-06-02 2019-03-19
5.0
None Remote Low Not required None None Partial
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.
286 CVE-2017-9337 79 XSS 2017-06-01 2017-06-09
4.3
None Remote Medium Not required None Partial None
The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post.
287 CVE-2017-9336 79 XSS 2017-06-01 2017-06-09
4.3
None Remote Medium Not required None Partial None
The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.
288 CVE-2017-9334 20 DoS Bypass 2017-06-01 2020-08-05
5.0
None Remote Low Not required None None Partial
An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.
289 CVE-2017-9332 79 XSS 2017-06-06 2017-06-14
4.3
None Remote Medium Not required None Partial None
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
290 CVE-2017-9331 79 XSS 2017-06-01 2020-12-03
3.5
None Remote Medium ??? None Partial None
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.
291 CVE-2017-9330 DoS 2017-06-08 2020-11-10
1.9
None Local Medium Not required None None Partial
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
292 CVE-2017-9324 269 +Priv 2017-06-12 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
293 CVE-2017-9310 835 DoS 2017-06-08 2020-11-10
1.9
None Local Medium Not required None None Partial
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
294 CVE-2017-9257 834 DoS 2017-06-27 2019-10-03
7.1
None Remote Medium Not required None None Complete
The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
295 CVE-2017-9256 834 DoS 2017-06-27 2019-10-03
7.1
None Remote Medium Not required None None Complete
The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
296 CVE-2017-9255 834 DoS 2017-06-27 2019-10-03
7.1
None Remote Medium Not required None None Complete
The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
297 CVE-2017-9254 834 DoS 2017-06-27 2019-10-03
7.1
None Remote Medium Not required None None Complete
The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
298 CVE-2017-9253 834 DoS 2017-06-27 2019-10-03
7.1
None Remote Medium Not required None None Complete
The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.
299 CVE-2017-9246 89 Sql Bypass 2017-06-13 2017-07-05
7.5
None Remote Low Not required Partial Partial Partial
New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism.
300 CVE-2017-9231 611 +Info 2017-06-16 2017-07-07
5.0
None Remote Low Not required Partial None None
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.
Total number of vulnerabilities : 1037   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.