| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1151 | CVE-2017-0680 | | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096. |
| 1152 | CVE-2017-0679 | 682 | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978. |
| 1153 | CVE-2017-0678 | | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151. |
| 1154 | CVE-2017-0677 | | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074. |
| 1155 | CVE-2017-0676 | 20 | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431. |
| 1156 | CVE-2017-0675 | 20 | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227. |
| 1157 | CVE-2017-0674 | 20 | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231163. |
| 1158 | CVE-2017-0673 | | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623. |
| 1159 | CVE-2017-0672 | 20 | | DoS | 2017-07-06 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A denial of service vulnerability in the Android libraries. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-34778578. |
| 1160 | CVE-2017-0671 | | | Exec Code | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762. |
| 1161 | CVE-2017-0670 | | | DoS | 2017-07-06 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36104177. |
| 1162 | CVE-2017-0669 | 200 | | +Info | 2017-07-06 | 2017-07-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752. |
| 1163 | CVE-2017-0668 | 200 | | +Info | 2017-07-06 | 2017-07-11 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579. |
| 1164 | CVE-2017-0667 | 20 | | | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824. |
| 1165 | CVE-2017-0666 | 682 | | | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689. |
| 1166 | CVE-2017-0665 | 20 | | | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414. |
| 1167 | CVE-2017-0664 | | | | 2017-07-06 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
An elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36491278. |
| 1168 | CVE-2017-0378 | 79 | | XSS | 2017-07-20 | 2017-07-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. |
| 1169 | CVE-2017-0377 | 200 | | +Info | 2017-07-02 | 2017-07-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only considers the exit relay (not the exit relay's family), which might allow remote attackers to defeat intended anonymity properties by leveraging the existence of large families. |
| 1170 | CVE-2017-0340 | 119 | | Exec Code Overflow Mem. Corr. | 2017-07-07 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340. |
| 1171 | CVE-2017-0326 | 200 | | +Info | 2017-07-07 | 2017-10-19 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326. |
| 1172 | CVE-2017-0243 | 119 | | Exec Code Overflow | 2017-07-11 | 2017-07-20 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570. |
| 1173 | CVE-2017-0196 | 200 | | +Info | 2017-07-17 | 2017-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." |
| 1174 | CVE-2017-0170 | 611 | | | 2017-07-11 | 2017-09-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability". |
| 1175 | CVE-2017-0152 | 119 | | Exec Code Overflow Mem. Corr. | 2017-07-17 | 2017-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability." |
| 1176 | CVE-2017-0028 | 119 | | Exec Code Overflow Mem. Corr. | 2017-07-17 | 2017-08-04 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability." |
| 1177 | CVE-2016-10402 | 119 | | Exec Code Overflow | 2017-07-27 | 2020-08-05 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow. |
| 1178 | CVE-2016-10401 | 255 | | | 2017-07-25 | 2017-11-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). |
| 1179 | CVE-2016-10400 | 22 | | Dir. Trav. | 2017-07-22 | 2017-07-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. |
| 1180 | CVE-2016-10399 | 538 | | File Inclusion | 2017-07-27 | 2017-08-07 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL. |
| 1181 | CVE-2016-10398 | 264 | | Bypass | 2017-07-17 | 2017-07-21 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. |
| 1182 | CVE-2016-10397 | 20 | | Bypass | 2017-07-10 | 2018-01-14 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). |
| 1183 | CVE-2016-10396 | 407 | | | 2017-07-06 | 2017-07-27 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. |
| 1184 | CVE-2016-9989 | 79 | | XSS | 2017-07-05 | 2017-07-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555. |
| 1185 | CVE-2016-9988 | 79 | | XSS | 2017-07-05 | 2017-07-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554. |
| 1186 | CVE-2016-9987 | 79 | | XSS | 2017-07-05 | 2017-07-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553. |
| 1187 | CVE-2016-9986 | 79 | | XSS | 2017-07-05 | 2017-07-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552. |
| 1188 | CVE-2016-9746 | 79 | | XSS | 2017-07-05 | 2017-07-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821. |
| 1189 | CVE-2016-9733 | 79 | | XSS | 2017-07-05 | 2017-07-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762. |
| 1190 | CVE-2016-9719 | 20 | | | 2017-07-31 | 2017-08-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733. |
| 1191 | CVE-2016-9718 | 79 | | XSS | 2017-07-31 | 2017-08-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732. |
| 1192 | CVE-2016-9717 | 20 | | | 2017-07-31 | 2017-08-03 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited. |
| 1193 | CVE-2016-9716 | 352 | | CSRF | 2017-07-31 | 2017-08-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119729. |
| 1194 | CVE-2016-9715 | 79 | | XSS | 2017-07-31 | 2017-08-03 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728. |
| 1195 | CVE-2016-9714 | 352 | | CSRF | 2017-07-31 | 2017-08-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 119727. |
| 1196 | CVE-2016-9701 | 79 | | XSS | 2017-07-05 | 2017-07-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529. |
| 1197 | CVE-2016-9700 | 200 | | +Info | 2017-07-05 | 2017-07-11 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528. |
| 1198 | CVE-2016-8975 | 79 | | XSS | 2017-07-24 | 2017-08-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None |
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912. |
| 1199 | CVE-2016-8964 | 200 | | +Info | 2017-07-13 | 2019-05-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. |
| 1200 | CVE-2016-8953 | 601 | | +Info | 2017-07-12 | 2017-07-21 | 4.9 | None | Remote | Medium | ??? | Partial | Partial | None |
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840. |