The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2016-7805 | The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7807 | I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7808 | Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7809 | Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7811 | Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7813 | Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7814 | I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7816 | The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7817 | Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7818 | Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7821 | Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7822 | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7824 | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7825 | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7826 | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7830 | Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7831 | Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7832 | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7833 | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7835 | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7837 | Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-7838 | Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-8219 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails. | MEDIUM | Jun 13, 2017 | n/a |
CVE-2016-8229 | A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-8230 | In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-8231 | In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-8496 | A potential execution of unauthorized code or commands vulnerability in Fortinet FortiClient SSL_VPN Linux versions available with FortiOS 5.4.2 and below allows attacker to potentially overwrite an existing file via the FortiClient log file. | MEDIUM | Jun 8, 2017 | n/a |
CVE-2016-8987 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-9710 | IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive information. IBM X-Force ID: 119618. | MEDIUM | Jun 7, 2017 | n/a |
CVE-2016-9736 | IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2016-9834 | An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of a request to the LiveConnectionDetail.jsp application. GET parameters applicationname and username are improperly sanitized allowing an attacker to inject arbitrary JavaScript into the page. This can be abused by an attacker to perform a cross-site scripting attack on the user. A vulnerable URI is /corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp. | MEDIUM | Jun 7, 2017 | n/a |
CVE-2016-9977 | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253. | MEDIUM | Jun 8, 2017 | n/a |
CVE-2016-9991 | IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-0375 | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-0376 | The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-0663 | libxml2: Heap-buffer-overflow in xmlAddID | MEDIUM | Jun 12, 2017 | n/a |
CVE-2017-0896 | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to prevent this. | MEDIUM | Jun 4, 2017 | n/a |
CVE-2017-1000367 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-1178 | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123430. | MEDIUM | Jun 8, 2017 | n/a |
CVE-2017-1179 | IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-1196 | IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123671. | MEDIUM | Jun 8, 2017 | n/a |
CVE-2017-1292 | IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153. | MEDIUM | May 31, 2017 | n/a |
CVE-2017-1319 | IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731. | MEDIUM | Jun 8, 2017 | n/a |
CVE-2017-1325 | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976. | MEDIUM | May 31, 2017 | n/a |
CVE-2017-2165 | GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-2177 | Untrusted search path vulnerability in Installer of Shogyo Touki Denshi Ninsho Software Ver 1.7 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-2178 | Untrusted search path vulnerability in Installer of electronic tendering and bid opening system available prior to May 25, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-2179 | Hands-on Vulnerability Learning Tool AppGoat for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-2180 | Hands-on Vulnerability Learning Tool AppGoat for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors. | MEDIUM | Jun 9, 2017 | n/a |
CVE-2017-2181 | Hands-on Vulnerability Learning Tool AppGoat for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors, a different vulnerability than CVE-2017-2179 and CVE-2017-2182. | MEDIUM | Jun 9, 2017 | n/a |