CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4451 CVE-2017-1371 284 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.
4452 CVE-2017-1356 89 Sql 2017-12-07 2017-12-19
6.5
None Remote Low Single system Partial Partial Partial
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.
4453 CVE-2017-1352 77 Exec Code 2017-09-12 2017-09-21
6.0
None Remote Medium Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
4454 CVE-2017-1347 89 Sql 2017-06-23 2017-06-26
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
4455 CVE-2017-1322 611 2017-06-27 2017-07-05
6.4
None Remote Low Not required Partial None Partial
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.
4456 CVE-2017-1311 89 Sql 2017-10-02 2017-10-11
6.5
None Remote Low Single system Partial Partial Partial
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
4457 CVE-2017-1300 352 CSRF 2017-11-01 2017-11-24
6.8
None Remote Medium Not required Partial Partial Partial
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.
4458 CVE-2017-1289 611 2017-05-22 2018-01-04
6.4
None Remote Low Not required Partial None Partial
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
4459 CVE-2017-1274 119 Exec Code Overflow 2017-04-25 2017-10-30
6.5
None Remote Low Single system Partial Partial Partial
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
4460 CVE-2017-1258 287 2017-07-05 2017-07-14
6.4
None Remote Low Not required Partial Partial None
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685
4461 CVE-2017-1253 78 Exec Code 2017-07-05 2017-07-17
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.
4462 CVE-2017-1222 287 2017-10-26 2017-10-31
6.4
None Remote Low Not required Partial Partial None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.
4463 CVE-2017-1218 352 CSRF 2017-07-19 2017-10-26
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.
4464 CVE-2017-1194 352 CSRF 2017-04-28 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.
4465 CVE-2017-1192 611 2017-08-10 2018-02-01
6.4
None Remote Low Not required Partial None Partial
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.
4466 CVE-2017-1190 77 Exec Code 2017-08-14 2017-08-20
6.2
None Local High Not required Complete Complete Complete
IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559.
4467 CVE-2017-1174 89 Sql 2017-08-10 2017-08-20
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.
4468 CVE-2017-1156 284 +Info 2017-05-05 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
4469 CVE-2017-1153 284 2017-03-27 2017-03-30
6.5
None Remote Low Single system Partial Partial Partial
IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability that could allow an authenticated user to execute actions that they do not have access to. IBM Reference #: 1999563.
4470 CVE-2017-1151 264 +Priv 2017-03-20 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system. IBM Reference #: 1999293.
4471 CVE-2017-1137 284 +Info 2017-05-10 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access to the admin console. IBM X-Force ID: 121549.
4472 CVE-2017-1122 77 Exec Code 2017-04-20 2017-07-10
6.9
None Local Medium Not required Complete Complete Complete
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174.
4473 CVE-2017-1097 352 CSRF 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 120657.
4474 CVE-2017-0926 285 2018-03-21 2018-04-13
6.5
None Remote Low Single system Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login.
4475 CVE-2017-0921 640 2018-07-03 2018-09-04
6.8
None Remote Medium Not required Partial Partial Partial
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised.
4476 CVE-2017-0918 22 Exec Code Dir. Trav. 2018-03-21 2018-04-20
6.5
None Remote Low Single system Partial Partial Partial
Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution.
4477 CVE-2017-0904 254 Bypass 2017-11-13 2017-11-29
6.8
None Remote Medium Not required Partial Partial Partial
The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.
4478 CVE-2017-0902 284 2017-08-31 2018-07-14
6.8
None Remote Medium Not required Partial Partial Partial
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
4479 CVE-2017-0901 20 2017-08-31 2018-07-14
6.4
None Remote Low Not required None Partial Partial
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
4480 CVE-2017-0898 134 Mem. Corr. 2017-09-15 2018-07-14
6.4
None Remote Low Not required Partial None Partial
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
4481 CVE-2017-0804 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.
4482 CVE-2017-0803 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477.
4483 CVE-2017-0802 264 2017-09-08 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36232120. References: M-ALPS03384818.
4484 CVE-2017-0794 264 2017-09-08 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.
4485 CVE-2017-0783 200 +Info 2017-09-14 2018-01-18
6.1
None Local Network Low Not required Complete None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.
4486 CVE-2017-0750 264 2017-08-09 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.
4487 CVE-2017-0749 264 2017-08-09 2017-08-19
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.
4488 CVE-2017-0747 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821.
4489 CVE-2017-0746 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392.
4490 CVE-2017-0742 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524.
4491 CVE-2017-0741 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523.
4492 CVE-2017-0740 284 Exec Code 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Broadcom networking driver. Product: Android. Versions: Android kernel. Android ID: A-37168488. References: B-RB#116402.
4493 CVE-2017-0737 264 2017-08-09 2018-06-27
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.
4494 CVE-2017-0732 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.
4495 CVE-2017-0731 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.
4496 CVE-2017-0729 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.
4497 CVE-2017-0727 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.
4498 CVE-2017-0713 284 Exec Code 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.
4499 CVE-2017-0712 264 2017-08-09 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928.
4500 CVE-2017-0710 264 2017-07-06 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.