Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9559 | 1 Meafinancial | 1 Vision Bank | 2017-06-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9558 | 1 Wawacu | 1 Wawa Employees Credit Union Mobile | 2017-06-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-5893 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-27 | 2.1 LOW | 5.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336. | |||||
| CVE-2016-6877 | 1 Citrix | 1 Xenmobile Server | 2017-06-27 | 2.6 LOW | 5.3 MEDIUM |
| ** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session. | |||||
| CVE-2016-8496 | 2017-06-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. | |||||
| CVE-2016-8497 | 2017-06-27 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. | |||||
| CVE-2017-1131 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375. | |||||
| CVE-2017-1132 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418. | |||||
| CVE-2017-1193 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667. | |||||
| CVE-2017-1302 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-27 | 2.1 LOW | 5.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456. | |||||
| CVE-2017-1347 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. | |||||
| CVE-2017-1348 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524. | |||||
| CVE-2016-9983 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-26 | 3.5 LOW | 5.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275. | |||||
| CVE-2016-9982 | 1 Ibm | 1 Sterling B2b Integrator | 2017-06-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274. | |||||
| CVE-2017-9573 | 1 Northadamsbank | 1 Nasb Mobile Bank | 2017-06-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-9973 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2017-06-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209. | |||||
| CVE-2016-8498 | 2017-06-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. | |||||
| CVE-2017-8547 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2017-06-26 | 7.6 HIGH | 7.5 HIGH |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519. | |||||
| CVE-2017-8544 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2017-06-26 | 2.1 LOW | 5.5 MEDIUM |
| Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability". | |||||
| CVE-2017-9754 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| The process_otr function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not validate a certain offset, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9752 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during "objdump -D" execution. | |||||
| CVE-2017-9753 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| The versados_mkobject function in bfd/versados.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, does not initialize a certain data structure, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9745 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-9744 | 1 Gnu | 1 Binutils | 2017-06-26 | 6.8 MEDIUM | 7.8 HIGH |
| The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | |||||
| CVE-2017-8534 | 1 Microsoft | 3 Office, Windows 7, Windows Server 2008 | 2017-06-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285. | |||||
| CVE-2017-8531 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2017-06-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533. | |||||
| CVE-2017-8529 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2017-06-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | |||||
| CVE-2017-8528 | 1 Microsoft | 6 Office, Windows 7, Windows 8.1 and 3 more | 2017-06-26 | 9.3 HIGH | 8.8 HIGH |
| Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0283. | |||||
| CVE-2017-8519 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows 8.1 and 3 more | 2017-06-26 | 7.6 HIGH | 7.5 HIGH |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8547. | |||||
| CVE-2017-6667 | 1 Cisco | 1 Context Service Development Kit | 2017-06-26 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0. | |||||
| CVE-2017-6383 | 2017-06-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7855. Reason: This candidate is a reservation duplicate of CVE-2017-7855. Notes: All CVE users should reference CVE-2017-7855 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-9504 | 2017-06-26 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9741. Reason: This candidate is a reservation duplicate of CVE-2017-9741. Notes: All CVE users should reference CVE-2017-9741 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2016-6594 | 1 Bluecoat | 3 Advanced Secure Gateway, Cacheflow, Proxysg | 2017-06-24 | 5.0 MEDIUM | 7.5 HIGH |
| Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. | |||||
| CVE-2017-1152 | 1 Ibm | 1 Financial Transaction Manager | 2017-06-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293. | |||||
| CVE-2017-6683 | 1 Cisco | 1 Elastic Services Controller | 2017-06-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2017-8813 | 2017-06-23 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8831. Reason: This candidate is a duplicate of CVE-2017-8831. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2017-8831 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-2219 | 1 Baidu | 1 Simeji | 2017-06-23 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-6682 | 1 Cisco | 1 Elastic Services Controller | 2017-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76). | |||||
| CVE-2017-9073 | 2017-06-23 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-0176. Reason: This candidate is a reservation duplicate of CVE-2017-0176. Notes: All CVE users should reference CVE-2017-0176 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2017-2210 | 1 Gsi | 1 Patchjgd | 2017-06-22 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2212 | 1 Gsi | 1 Tky2jgd | 2017-06-22 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. 1.3.79 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2213 | 1 Gsi | 1 Semidynaexe | 2017-06-22 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2211 | 1 Gsi | 1 Patchjgd | 2017-06-22 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2214 | 1 Jiransoft | 2 Appcheck, Appcheck Pro | 2017-06-22 | 9.3 HIGH | 8.4 HIGH |
| Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | |||||
| CVE-2017-2193 | 1 Tera Term Project | 1 Tera Term | 2017-06-22 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2015-3913 | 1 Huawei | 44 S12700, S12700 Firmware, S2300 and 41 more | 2017-06-22 | 7.8 HIGH | 7.5 HIGH |
| The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. | |||||
| CVE-2017-2176 | 1 Jasdf | 1 Screensavers | 2017-06-22 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in screensaver installers (jasdf_01.exe, jasdf_02.exe, jasdf_03.exe, jasdf_04.exe, jasdf_05.exe, scramble_setup.exe, clock_01_setup.exe, clock_02_setup.exe) available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-9759 | 1 Zenbership | 1 Zenbership | 2017-06-22 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. | |||||
| CVE-2016-4902 | 1 Jpki | 3 The Public Certification Service For Individuals, The Public Certification Service For Individuals For Windows 7, The Public Certification Service For Individuals For Windows Vista | 2017-06-22 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2016-7818 | 1 Japan Pension Service | 4 Device Data Encryption Program, Specification Check Program, Todokesho Creation Program and 1 more | 2017-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||