CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5951 CVE-2017-1194 352 CSRF 2017-04-28 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
5952 CVE-2017-1192 611 2017-08-10 2018-02-01
6.4
None Remote Low Not required Partial None Partial
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.
5953 CVE-2017-1190 77 Exec Code 2017-08-14 2017-08-20
6.2
None Local High Not required Complete Complete Complete
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.
5954 CVE-2017-1174 89 Sql 2017-08-10 2017-08-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.
5955 CVE-2017-1156 284 +Info 2017-05-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
5956 CVE-2017-1153 284 2017-03-27 2017-03-30
6.5
None Remote Low Single system Partial Partial Partial
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
5957 CVE-2017-1151 264 +Priv 2017-03-20 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.
5958 CVE-2017-1137 284 +Info 2017-05-10 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.
5959 CVE-2017-1122 77 Exec Code 2017-04-20 2017-07-10
6.9
None Local Medium Not required Complete Complete Complete
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.
5960 CVE-2017-1097 352 CSRF 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
5961 CVE-2017-0926 285 2018-03-21 2018-04-13
6.5
None Remote Low Single system Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
5962 CVE-2017-0921 640 2018-07-03 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
5963 CVE-2017-0918 22 Exec Code Dir. Trav. 2018-03-21 2018-04-20
6.5
None Remote Low Single system Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
5964 CVE-2017-0904 254 Bypass 2017-11-13 2017-11-29
6.8
None Remote Medium Not required Partial Partial Partial
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.
5965 CVE-2017-0902 284 2017-08-31 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
5966 CVE-2017-0901 20 2017-08-31 2019-05-13
6.4
None Remote Low Not required None Partial Partial
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
5967 CVE-2017-0898 134 Mem. Corr. 2017-09-15 2018-07-14
6.4
None Remote Low Not required Partial None Partial
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
5968 CVE-2017-0804 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.
5969 CVE-2017-0803 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477.
5970 CVE-2017-0802 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818.
5971 CVE-2017-0794 264 2017-09-08 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
5972 CVE-2017-0783 200 +Info 2017-09-14 2018-01-18
6.1
None Local Network Low Not required Complete None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.
5973 CVE-2017-0750 264 2017-08-09 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.
5974 CVE-2017-0749 264 2017-08-09 2017-08-19
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.
5975 CVE-2017-0747 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821.
5976 CVE-2017-0746 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392.
5977 CVE-2017-0742 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524.
5978 CVE-2017-0741 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523.
5979 CVE-2017-0740 284 Exec Code 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402.
5980 CVE-2017-0737 264 2017-08-09 2018-06-27
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.
5981 CVE-2017-0732 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.
5982 CVE-2017-0731 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.
5983 CVE-2017-0729 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.
5984 CVE-2017-0727 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
5985 CVE-2017-0713 284 Exec Code 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.
5986 CVE-2017-0712 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928.
5987 CVE-2017-0710 264 2017-07-06 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.
5988 CVE-2017-0707 264 2017-07-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467.
5989 CVE-2017-0704 264 2017-07-06 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280.
5990 CVE-2017-0663 284 Exec Code 2017-06-14 2017-11-10
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
5991 CVE-2017-0638 284 Exec Code 2017-06-14 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High because it is a remote arbitrary code execution in an unprivileged process. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36368305.
5992 CVE-2017-0554 264 +Priv 2017-04-07 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946.
5993 CVE-2017-0478 284 Exec Code 2017-03-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716.
5994 CVE-2017-0477 284 Exec Code 2017-03-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647.
5995 CVE-2017-0476 119 Exec Code Overflow Mem. Corr. 2017-03-07 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925.
5996 CVE-2017-0409 284 Exec Code 2017-02-08 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646.
5997 CVE-2017-0408 284 Exec Code 2017-02-08 2017-07-24
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670.
5998 CVE-2017-0382 284 Exec Code 2017-01-12 2017-01-18
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.
5999 CVE-2017-0373 20 2017-05-23 2017-06-08
6.8
None Remote Medium Not required Partial Partial Partial
The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.
6000 CVE-2017-0367 264 2018-04-13 2018-05-14
6.5
None Remote Low Single system Partial Partial Partial
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.