CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5651 CVE-2017-2366 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5652 CVE-2017-2362 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5653 CVE-2017-2356 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5654 CVE-2017-2355 119 DoS Exec Code Overflow 2017-02-20 2017-07-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site.
5655 CVE-2017-2354 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-25
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5656 CVE-2017-2326 200 +Info 2017-04-24 2017-04-28
6.8
None Remote Low Single system Complete None None
An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis.
5657 CVE-2017-2312 399 2017-04-24 2017-07-10
6.8
None Remote Low Single system None None Complete
On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos OS based devices with either IPv4 or IPv6 LDP enabled via the [protocols ldp] configuration (the native IPv6 support for LDP is available in Junos OS 16.1 and higher). The interface on which the packet arrives needs to have LDP enabled. The affected Junos versions are: 13.3 prior to 13.3R10; 14.1 prior to 14.1R8; 14.2 prior to 14.2R7-S6 or 14.2R8; 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5; 15.1X49 before 15.1X49-D70; 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70; 16.1 before 16.1R2. 16.2R1 and all subsequent releases have a resolution for this vulnerability.
5658 CVE-2017-2306 285 Exec Code 2017-05-30 2017-06-08
6.5
None Remote Low Single system Partial Partial Partial
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device.
5659 CVE-2017-2305 285 2017-05-30 2017-06-08
6.5
None Remote Low Single system Partial Partial Partial
On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
5660 CVE-2017-2297 255 2018-02-01 2018-02-24
6.0
None Remote Medium Single system Partial Partial Partial
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. This issue has been fixed in Puppet Enterprise 2016.4.5 and 2017.2.1. This only affects users with labeled tokens, which is not the default for tokens.
5661 CVE-2017-2295 502 Exec Code 2017-07-05 2018-05-24
6.0
None Remote Medium Single system Partial Partial Partial
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of data on the wire to PSON or safely decoded YAML.
5662 CVE-2017-2273 352 CSRF 2017-07-21 2017-08-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5663 CVE-2017-2244 352 CSRF 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5664 CVE-2017-2241 89 Exec Code Sql 2017-07-17 2017-07-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
5665 CVE-2017-2239 284 2017-07-07 2017-07-13
6.8
None Remote Medium Not required Partial Partial Partial
Marp versions v0.0.10 and earlier may allow an attacker to access local resources and files using JavaScript.
5666 CVE-2017-2238 352 CSRF 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier and Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5667 CVE-2017-2230 426 +Priv 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
5668 CVE-2017-2229 426 +Priv 2017-07-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei System Ver1.0.2 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5669 CVE-2017-2227 426 +Priv 2017-07-07 2017-07-16
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5670 CVE-2017-2226 426 +Priv 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5671 CVE-2017-2225 426 +Priv 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in EbidSettingChecker.exe (version 1.0.0.0) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5672 CVE-2017-2223 352 CSRF 2017-07-07 2017-07-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5673 CVE-2017-2220 426 +Priv 2017-07-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5674 CVE-2017-2218 426 +Priv 2017-07-07 2017-07-14
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5675 CVE-2017-2215 426 +Priv 2017-07-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of "Setup file of advance preparation" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5676 CVE-2017-2209 264 +Priv 2017-06-09 2017-06-22
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of Houkokusyo Sakusei Shien Tool ver3.0.2 (For the first installation) (The version which was available on the website from 2017 April 4 to 2017 May 18) and ver2.0 and later (For the first installation) (The versions which were available on the website prior to 2017 April 4) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5677 CVE-2017-2208 426 Exec Code 2017-07-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
5678 CVE-2017-2207 426 +Priv 2017-06-09 2017-06-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of SaAT Personal ver.1.0.10.272 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5679 CVE-2017-2206 426 +Priv 2017-06-09 2017-06-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5680 CVE-2017-2195 89 Exec Code Sql 2017-06-09 2017-07-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Multi Feed Reader prior to version 2.2.4 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
5681 CVE-2017-2188 426 +Priv 2017-07-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) 2014 March Edition (Ver.9.0.001.001) [Updated on 2017 June 9], (Ver.8.0.001.001) [Updated on 2016 May 31] and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5682 CVE-2017-2182 284 2017-06-09 2017-06-14
6.8
None Remote Medium Not required Partial Partial Partial
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2181.
5683 CVE-2017-2181 284 2017-06-09 2017-06-14
6.8
None Remote Medium Not required Partial Partial Partial
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182.
5684 CVE-2017-2179 20 Exec Code 2017-06-09 2017-06-14
6.8
None Remote Medium Not required Partial Partial Partial
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182.
5685 CVE-2017-2178 426 +Priv 2017-06-09 2017-06-21
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5686 CVE-2017-2177 426 +Priv 2017-06-09 2017-06-21
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
5687 CVE-2017-2175 426 +Priv 2017-05-22 2017-05-31
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
5688 CVE-2017-2167 426 Exec Code 2017-05-12 2017-05-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
5689 CVE-2017-2156 426 Exec Code 2017-04-28 2017-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
5690 CVE-2017-2155 119 Exec Code Overflow 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.
5691 CVE-2017-2154 20 +Priv 2017-04-28 2017-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
5692 CVE-2017-2140 74 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.
5693 CVE-2017-2138 352 CSRF 2017-08-02 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5694 CVE-2017-2133 89 Exec Code Sql 2017-10-20 2017-11-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
5695 CVE-2017-2132 20 2017-10-20 2017-11-08
6.4
None Remote Low Not required None Partial Partial
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors.
5696 CVE-2017-2130 426 +Priv 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
5697 CVE-2017-2128 78 Exec Code 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.
5698 CVE-2017-2125 264 +Priv 2017-04-28 2017-05-10
6.5
None Remote Low Single system Partial Partial Partial
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.
5699 CVE-2017-2120 89 Exec Code Sql 2017-04-28 2017-05-03
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
5700 CVE-2017-2107 426 +Priv 2017-04-28 2017-05-10
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.