USAID Acting Administrator Wade Warren’s Welcome Remarks at the 2017 Mandela Washington Leadership Summit

Monday, July 31, 2017

Hi everybody.  What a great crowd.  You’ve heard this already from a couple of the speakers but I just want to say, welcome to Washington.  I know that for many of you the last six weeks have been the first time that you have been to the United States, so I wanted to say, welcome to the United States.  Also, we’re so happy to have you here with us.  When they asked me if I would be willing to come and speak at this event this morning, I jumped at the chance.  I’ve spent the majority of my career at USAID working in Africa and on African issues, both here in Washington and I also lived in Zimbabwe and Botswana, and traveled throughout the continent.

Nature Contact and Human Health: A Research Agenda

Author Affiliations

1 Department of Environmental and Occupational Health Sciences, School of Public Health, University of Washington, Seattle, Washington, USA

2 Center for Conservation Biology, Stanford University, Stanford, California, USA

3 Center for Creative Conservation, University of Washington, Seattle, Washington, USA

4 School of Environmental and Forest Sciences, University of Washington, Seattle, Washington, USA

5 Willamette Partnership, Portland, Oregon, USA

6 Department of Psychology, University of Washington, Seattle, Washington, USA

7 The Nature Conservancy, Seattle, Washington, USA

8 Department of Pediatrics, University of Washington School of Medicine, Seattle, Washington, USA

9 Seattle Children’s Hospital, Seattle, Washington, USA

10 School of Aquatic and Fishery Sciences, University of Washington, Seattle, Washington, USA

11 Department of Chemistry, University of Washington, Seattle, Washington, USA

12 Pacific Northwest Research Station, USDA Forest Service, Seattle, Washington, USA

13 The Natural Capital Project, Stanford University, Stanford, California, USA

Background: At a time of increasing disconnectedness from nature, scientific interest in the potential health benefits of nature contact has grown. Research in recent decades has yielded substantial evidence, but large gaps remain in our understanding.

Objectives: We propose a research agenda on nature contact and health, identifying principal domains of research and key questions that, if answered, would provide the basis for evidence-based public health interventions.

Discussion: We identify research questions in seven domains: a) mechanistic biomedical studies; b) exposure science; c) epidemiology of health benefits; d) diversity and equity considerations; e) technological nature; f) economic and policy studies; and g) implementation science.

Conclusions: Nature contact may offer a range of human health benefits. Although much evidence is already available, much remains unknown. A robust research effort, guided by a focus on key unanswered questions, has the potential to yield high-impact, consequential public health insights.

https://doi.org/10.1289/EHP1663

Received: 26 January 2017
Revised: 12 May 2017
Accepted: 25 May 2017
Published: 31 July 2017

Address correspondence to H. Frumkin, Dept. of Environmental and Occupational Health Sciences, University of Washington School of Public Health, Box 354695, Seattle, WA 98195-4695 USA; Telephone: 206-897-1723; Email: frumkin@uw.edu

H.F. served on the Boards of the Children and Nature Network and the Seattle Parks Foundation (uncompensated). P.H.K. Jr. serves as Editor-in-Chief of the journal Ecopsychology and receives some financial compensation for this work from the publisher. J.J.L. serves on the Board of The Nature Conservancy, Washington chapter (uncompensated). P.S.L. has grants from Pew Charitable Trusts, the David and Lucille Packard foundation, the Gordon and Betty Moore Foundation, and the Lenfest Foundation. P.S.T. serves on the Board of Islandwood, a nature education center (uncompensated).

All other authors declare they have no actual or potential competing financial interests.

Introduction

Humans are increasingly disconnected from nature. Most people—over half globally, and approximately four in five Americans—live in urban areas, where nature contact is typically limited (United Nations 2015). Surveys reveal that Americans spend >90% of their time indoors: most of that time is spent in buildings, and a smaller portion in vehicles (Klepeis et al. 2001). Screen time has reached daily averages of 1 h 55 min for children younger than 8 y old (Rideout 2013) and 7 h 38 min for those between 8 and 18 y old (Rideout et al. 2010). In 2016, the average “total media consumption” was 10 h 39 min per day among adults and was rising (Nielsen 2016). Park visitation, hunting, fishing, camping, and children’s outdoor play have all declined substantially over recent decades (Clements 2004; Frost 2010; Pergams and Zaradic 2008).

In this context, recent years have seen a blossoming of scientific interest in the benefits of nature contact for human health and well-being. Several recent reviews have summarized and evaluated the growing evidence base (Bowler et al. 2010; Hartig et al. 2014; James et al. 2015; Lee and Maheswaran 2011; Martens and Bauer 2013; Russell et al. 2013; Seymour 2016). This literature reveals an extraordinarily broad range of benefits, albeit with varying levels of evidentiary support (Table 1).

Table 1. Summary of evidence-based health benefits of nature contact.

| No. | Health/well-being benefit | References |
|-----|---------------------------|------------|
| 1 | Reduced stress | Berto 2014; Fan et al. 2011; Nielsen and Hansen 2007; Stigsdotter et al. 2010; van den Berg and Custers 2011; van den Berg et al. 2010; Ward Thompson et al. 2016 |
| 2 | Better sleep | Astell-Burt et al. 2013; Grigsby-Toussaint et al. 2015; Morita et al. 2011 |
| 3 | Improved mental health: reduced depression | Astell-Burt et al. 2014c; Beyer et al. 2014; Cohen-Cline et al. 2015; Gascon et al. 2015; Kim et al. 2009; Maas et al. 2009b; McEachan et al. 2016; Nutsford et al. 2013; Sturm and Cohen 2014; Taylor et al. 2015; White et al. 2013 |
|   | Improved mental health: reduced anxiety | Beyer et al. 2014; Bratman et al. 2015a; Maas et al. 2009b; Nutsford et al. 2013; Song et al. 2013; Song et al. 2015 |
| 4 | Greater happiness, well-being, life satisfaction | Ambrey 2016; Fleming et al. 2016; Larson et al. 2016; MacKerron and Mourato 2013; Van Herzele and de Vries 2012; White et al. 2013 |
| 5 | Reduced aggression | Bogar and Beyer 2016; Branas et al. 2011; Kuo and Sullivan 2001a, b; Troy et al. 2012; Younan et al. 2016 |
| 6 | Reduced ADHD symptoms | Amoly et al. 2014; Faber Taylor et al. 2001; Faber Taylor and Kuo 2009; Faber Taylor and Kuo 2011; Kuo and Faber Taylor 2004; Markevych et al. 2014b; van den Berg and van den Berg 2011 |
| 7 | Increased prosocial behavior and social connectedness | Broyles et al. 2011; Dadvand et al. 2016; de Vries et al. 2013; Fan et al. 2011; Holtan et al. 2015; Home et al. 2012; Piff et al. 2015; Sullivan et al. 2004 |
| 8 | Lower blood pressure | Duncan et al. 2014; Markevych et al. 2014a; Shanahan et al. 2016 |
| 9 | Improved postoperative recovery | Park and Mattson 2008; Park and Mattson 2009; Ulrich 1984 |
| 10 | Improved birth outcomes | Reviewed by Dzhambov et al. 2014 |
| 11 | Improved congestive heart failure | Mao et al. 2017 |
| 12 | Improved child development (cognitive and motor) | Fjørtoft 2001; Kellert 2005 |
| 13 | Improved pain control | Acutely (Diette et al. 2003; Lechtzin et al. 2010) and chronically (Han et al. 2016) |
| 14 | Reduced obesity | Bell et al. 2008; Cleland et al. 2008; P. Dadvand et al. 2014a; Lachowycz and Jones 2011; Sanders et al. 2015; Stark et al. 2014 |
| 15 | Reduced diabetes | Astell-Burt et al. 2014a; Bodicoat et al. 2014; Brown et al. 2016; Thiering et al. 2016 |
| 16 | Better eyesight | French et al. 2013; Guggenheim et al. 2012; He et al. 2015 |
| 17 | Improved immune function | Li et al. 2006; Li et al. 2008a; Li et al. 2008b; Li et al. 2010; Li and Kawada 2011 |
| 18 | Improved general health: adults | Brown et al. 2016; de Vries et al. 2003; Kardan et al. 2015; Maas et al. 2006; Maas et al. 2009b; Stigsdotter et al. 2010; Wheeler et al. 2015 |
|   | Improved general health: cancer survivors | Ray and Jakubec 2014 |
|   | Improved general health: children | Kim et al. 2016 |
| 19 | Reduced mortality | Coutts et al. 2010; Gascon et al. 2016b; Hu et al. 2008; James et al. 2016; Takano et al. 2002; Villeneuve et al. 2012 |
| 20 | Asthma and/or allergies (studies show both improvements and exacerbations) | Andrusaityte et al. 2016; Dadvand et al. 2014a; Fuertes et al. 2014; Fuertes et al. 2016; Lovasi et al. 2013; Lovasi et al. 2008; Ruokolainen et al. 2015 |

Note: ADHD, attention-deficit hyperactivity disorder. The references in Table 1 are illustrative rather than exhaustive; they include both recent reviews and research reports and older, widely cited publications.

Despite this considerable body of evidence, key questions remain unresolved (Frumkin 2013). In this paper, we propose a research agenda on nature contact and health, with the aim of systematically identifying key questions that merit research attention.

Definitions and Scope

A necessary starting point is the definition of nature contact. In general, by “nature” we mean “areas containing elements of living systems that include plants and nonhuman animals across a range of scales and degrees of human management, from a small urban park through to relatively ‘pristine wilderness’” (Bratman et al. 2012), together with abiotic elements such as sunset or mountain views. We acknowledge that multiple definitions of nature are appropriate, varying with the form of nature contact being studied and the ways in which people relate to nature. We note the far-reaching discourse on nature as a social construct (Cronon 1996), which is beyond the scope of this paper. Similarly, there is a philosophical argument that humans are a part of nature, a view that calls into question any distinction between humans and nature, and hence the very possibility of “nature deficit” (Fletcher 2016). This argument is beyond the scope of this paper. The important category of animal contact, the subject of a large body of literature (Barker and Wolen 2008; Kamioka et al. 2014; Matchock 2015), is beyond the scope of this paper, as are the health benefits of the food and materials resulting from harvesting activities such as foraging, fishing, and hunting.

There are many forms of nature contact, varying by spatial scale, proximity, the sensory pathway through which nature is experienced (visual, auditory, etc.), the individual’s activities and level of awareness while in a natural setting, and other factors. Figure 1 displays various examples of nature contact along just two of these scales, spatial and temporal. Much contemporary research focuses on greenspace as the exposure of interest, perhaps because of ease of measurement, but we take a broader approach, ranging from plants in a room to views through windows to camping trips to virtual reality imagery. Researchers must define and operationalize the specific form of nature contact they are studying. We return to this point below in our discussion of exposure assessment.

[Figure 1 plot: forms of nature contact (wilderness adventures; outings in natural settings; activities in natural settings, e.g., hiking, green exercise; land care activity, e.g., civic stewardship; hands-on activities, e.g., gardening, fishing; residing in a green neighborhood; visiting a public garden; nature-based education; potted plants; window views of nature; and green school or work setting) arranged by spatial scale (y-axis) and frequency (x-axis).]
Figure 1. A spectrum of forms of nature contact.

With regard to outcomes, we take a broad definition of health, including physical and mental health, social well-being, academic and job performance, and happiness. The effects of nature contact on proenvironmental knowledge, attitudes, and behavior are the subject of an extensive body of literature (Collado et al. 2015; Wells and Lekies 2006) but are beyond the scope of this paper. Similarly, the outcomes we consider are limited to those affecting humans, excluding impacts of human–nature contact on other species or on natural systems more generally.

Methods

We assembled a multidisciplinary group at the University of Washington including expertise in epidemiology, environmental health, clinical medicine, psychology, ecology, landscape architecture, urban studies, public policy, and anthropology. The group studied published reviews of the nature–health connection, as well as primary research reports, and discussed research needs with end-users ranging from conservationists to nature preschool administrators to parks officials. Through iterative discussion and consensus formation, we sought to identify domains in which important questions remain unanswered, and in which research would advance the field. Within each domain, we identified specific research priorities.

Several principles guided the formulation of this research agenda. First, we recognized the value of diverse disciplines and professions. Second, we recognized the need to balance linear, reductionist approaches to research with complex, systems-based approaches, as advocated in other relevant domains of research (Dooris 2006; Liu et al. 2007), and we entertained research topics and strategies reflecting both approaches. Third, we recognized the need to integrate quantitative and qualitative data, and we entertained research topics that would draw on both kinds of data. Fourth, we emphasized research topics that are relevant and useful for decision makers and affected communities so that research results might have the greatest likelihood of being applied and benefiting people. Fifth, we emphasized research topics that, when appropriate, could engage affected populations both in defining research questions and methods and in conducting the research. For example, community-based participatory research, a well-established set of methods that improve the quality and relevance of research (Blumenthal et al. 2013; Jason and Glenwick 2016), has been applied to the study of nature contact (Bijker and Sijtsma 2017).

We identified seven domains of research on nature contact and health, as shown in Table 2. We considered ranking topics within each domain in order of importance but elected not to do so, mindful that in this highly interdisciplinary and context-dependent field, different investigators and decision makers likely differ in their scientific perspectives and information needs. However, we did identify top-level research questions based on scientific importance, tractability, and potential public health impact; these questions are designated with bold-face type in the listings that follow.

Table 2. Nature contact and health research domains.
Domain
1. Mechanistic biomedical studies
2. Exposure science
3. Epidemiology of health benefits
4. Diversity and equity considerations
5. Technological nature
6. Economic and policy studies
7. Implementation science

Domain 1: Mechanistic Biomedical Studies

A central aspect of health research is identifying the mechanisms that account for observed health effects: for example, the components of cigarette smoke that are carcinogenic and the immunologic pathways by which the smallpox vaccine confers protection. With respect to nature contact and health, the diversity of benefits suggests a broad, nonspecific physiological pathway of action, a multiplicity of pathways, or a combination of these. These pathways may have an evolutionary origin, as proposed by the biophilia hypothesis (Kellert and Wilson 1993; Wilson 1984). The mechanisms are only partially understood, and authors are unanimous in noting the need for deeper understanding (Dadvand et al. 2016; de Vries et al. 2013; Groenewegen et al. 2012; Hartig et al. 2014; Keniger et al. 2013; Lachowycz and Jones 2013; Shanahan et al. 2015b; Sullivan and Kaplan 2016). Such understanding would be invaluable in designing and testing strategies for delivering beneficial nature contact.

Several mechanisms have been hypothesized: psychological pathways, enhanced immune function, physical activity, social contact, and improved air quality. Each of these is considered below.

Psychological Pathways

Two complementary theoretical frameworks, both invoking psychological mechanisms, have been identified (Berto 2014). Stress Recovery Theory (SRT) emphasizes the role of nature in relieving physiological stress, whereas Attention Restoration Theory (ART) emphasizes the role of nature in relieving mental fatigue.

Stress reduction is both a health benefit in and of itself and a potential mechanism for other health benefits (Lovallo 2015). Some research has focused on short-term indicators: for example, experiments that expose subjects to stressful stimuli with and without nature contact and measure acute responses such as skin conductance and salivary cortisol levels (Parsons et al. 1998; Ulrich et al. 1991; van den Berg and Custers 2011). Other research has focused on a longer time frame: for example, comparing people living in more- and less-green neighborhoods with regard to subjective levels of stress (Nielsen and Hansen 2007; Stigsdotter et al. 2010; Ward Thompson et al. 2016) or ability to cope with stressful life events (van den Berg et al. 2010; Ward Thompson et al. 2016). The results consistently show that nature contact reduces stress; the relative importance of this direct pathway, and mediation through social contact, physical activity, and/or other factors, is less clear (Ward Thompson et al. 2016).

Attention restoration was proposed as a mechanism by Kaplan and Kaplan (Kaplan and Kaplan 1989; Kaplan 1995). This theory holds that excessive concentration can lead to “directed attention fatigue,” and that contact with nature—specifically with sufficient extent to feel immersed, and in ways that confer a sense of being away, that capture attention effortlessly (“soft fascination”), and that are compatible with personal preferences—engages a less taxing, indirect form of attention, thereby facilitating recovery of directed attention capacity. Empirical support has come from studies of attention deficit disorder (Faber Taylor and Kuo 2009, 2011; van den Berg and van den Berg 2011) and from diverse settings and populations (Brunson et al. 2001; Evensen et al. 2015; Li and Sullivan 2016). There is some evidence that the two mechanisms—stress reduction and attention restoration—may operate concurrently, yielding cognitive and affective benefits independently or through an interaction of the psychological processes involved (Li and Sullivan 2016).

Additional psychological mechanisms might interact with (or be independent of) stress reduction, attention restoration, or both. What is the role of awe—the sense of wonder, amazement, and smallness that may occur in response to perceptually vast stimuli (Keltner and Haidt 2003; Piff et al. 2015; Rudd et al. 2012; Shiota et al. 2007)? What is the role of mystery—the allure of seeing and knowing more by entering more deeply into a setting (Herzog and Bryce 2007; Szolosi et al. 2014)? How does nature contact influence the regulation of emotions (in adaptive and/or maladaptive ways) (Bratman et al. 2015a)? How might personality structure mediate the benefits of nature contact (Ambrey and Cartlidge 2017)? How might stress reduction and attention restoration operate differently in different groups, based on such factors as cultural background and socioeconomic position (Russell et al. 2013)?

Each of these constructs—stress reduction, attention restoration, awe, mystery—is based in theory. With increasing use of more precise psychophysiological measures in both laboratory and field settings, it is likely that they will evolve toward operationally defined constructs grounded in specific neural pathways.

Enhanced Immune Function

In a recent review, Kuo (Kuo 2015) argued that improved immune function accounts for many of the health benefits of nature, based on meeting three criteria: accounting for the magnitude of observed health benefits; accounting for the specific health outcomes observed; and subsuming other possible pathways. Nature contact may enhance immune function in at least two ways on very different time scales. First, consistent with the “hygiene hypothesis,” contact with microbial and other antigens in natural settings during particular developmental windows may modify immune function over the lifespan (Hanski et al. 2012; Kondrashova et al. 2013; Nicolaou et al. 2005; Rook 2013; Ruokolainen et al. 2015; Stiemsma et al. 2015), perhaps operating through effects on the microbiome (Lee and Mazmanian 2010). Second, short-term exposures to some natural substances (such as phytoncides from trees) have been associated with improved natural killer (NK) cell activity (Li et al. 2006, 2008a, 2008b, 2010; Li and Kawada 2011). Stress recovery and immune function mechanisms may not be distinct because of reciprocal relationships between these two physiologic systems (Irwin and Cole 2011; Nusslock and Miller 2016).

Increased Physical Activity

Physical activity confers a broad range of health benefits, including prevention and/or amelioration of obesity, cardiovascular disease, some cancers, diabetes, some mental illness, osteoporosis, gall bladder disease, and other conditions (Bauman et al. 2016; Lee et al. 2012; WHO 2010). Natural surroundings such as vegetated streetscapes, parks, and schoolyards are generally associated with higher levels of physical activity in both children and adults, a plausible mechanism for many of the observed health benefits of nature contact (Bancroft et al. 2015; Bingham et al. 2016; Calogiuri and Chroni 2014; Fraser and Lock 2011; Gray et al. 2015; Hunter et al. 2015; Kaczynski and Henderson 2007; Koohsari et al. 2015; Lee et al. 2015; O’Donoghue et al. 2016; Shanahan et al. 2016; Sugiyama et al. 2014). The mechanisms by which green surroundings might facilitate physical activity are not well understood; aesthetic preference may play a role (Shanahan et al. 2016). In children, evidence suggests that play in natural environments is associated with the development of motor skills such as balance and coordination, which in turn enable and predict physical activity (Fjørtoft 2001; Fjørtoft 2004). The dynamic and irregular characteristics of natural play spaces may explain this observation. Some studies have demonstrated a benefit from green neighborhoods independent of physical activity (Cohen-Cline et al. 2015; Fan et al. 2011; Feda et al. 2015; Nielsen and Hansen 2007), and some studies have found weak or no association between nature contact and physical activity (Gubbels et al. 2016; Hillsdon et al. 2006; Witten et al. 2008), suggesting that physical activity only partially accounts for health benefits. A challenge in interpreting these results is the possibility of reverse causation: people inclined to be physically active may seek recreation in green, outdoor settings. Moreover, the nature→physical activity→health pathway may vary across subpopulations, settings, levels of access, programming, and other factors.

A promising line of research regarding physical activity in natural settings pertains to “green exercise.” There is some evidence that physical activity in outdoor, natural settings confers more benefits than equivalent exertion in indoor or constructed settings (Barton et al. 2016; Coon et al. 2011). A better understanding of this phenomenon might help clarify the mechanisms by which nature contact benefits health.

Social Connectedness

Social connectedness is strongly associated with health (Kawachi et al. 2008). To the extent that nature contact promotes social connections, this may be a mechanism for associated health benefits (Maas et al. 2009a).

Support for this pathway comes from studies of prosocial behavior and of social capital (networks of social relationships and the norms of trust and reciprocity). With regard to prosocial behavior and attitudes, observational studies of residential greenness (Dadvand et al. 2016; Kweon et al. 1998; Sullivan et al. 2004) and of nearby parks (Fan et al. 2011) and experimental studies of brief nature exposures (Piff et al. 2015; Zelenski et al. 2015) have found an association between nature contact and prosocial outcomes. [One exception was a study of children in Kaunas, Lithuania, which found the opposite result (Balseviciene et al. 2014)]. With regard to social capital, studies have found that living in greener neighborhoods (de Vries et al. 2013; Holtan et al. 2015; Kemperman and Timmermans 2014) and using parks (Broyles et al. 2011; Home et al. 2012; Kaźmierczak 2013) are associated with greater social cohesion, with the strength and extent of social networks, or with both. Further research could clarify the ways in which natural features promote social connectedness and how this pathway interacts with other possible mechanisms of benefit.

Improved Air Quality

Air quality in rural or wilderness settings is generally superior to that in urban settings. In urban settings, tree canopy may reduce ambient levels of particulate matter and gaseous air pollutants, although most studies find this air-quality improvement to be slight (Nowak et al. 2013; Nowak et al. 2014). Moreover, any benefits must be weighed against potential disbenefits. Trees can in some cases worsen asthma (Andrusaityte et al. 2016; Dadvand et al. 2014a; Kimes et al. 2004; Lovasi et al. 2013), a likely result of pollen, soil fungi, other vegetation-associated allergens, the production of hydrocarbons (ozone precursors), or a combination of these factors (Grote et al. 2016). Trees can also impede air circulation, reducing the dispersion of air pollutants in urban canyons (Vos et al. 2013). To the extent that vegetation improves air quality, nature contact may offer protection against respiratory and cardiovascular disease.

Other Benefits of Nearby Nature

There are myriad other benefits of nearby nature that extend beyond these psychological and physical health mechanisms (Bolund and Hunhammar 1999; Livesley et al. 2016; Tzoulas et al. 2007). For example, urban vegetation, particularly trees, can reduce and filter storm-water runoff (Berland et al. 2017); regulate local temperatures, resulting in attenuated heat island effects (Bowler et al. 2010) and reduced energy demand (Nowak et al. 2017); provide pollination services (Hall et al. 2017; Threlfall et al. 2015) and wildlife habitat (Alvey 2006; Murgui and Hedblom 2017); reduce urban noise (Margaritis and Kang 2017); and sequester and store carbon (Davies et al. 2011). Larger natural areas outside of cities can contribute even more to carbon sequestration and storage, water filtration, and timber and game production.

Proposed research priorities

1.1. To what extent does stress reduction mediate observed health benefits of nature contact?
    1.1a. Both short-term and long-term
    1.1b. Which natural elements are most associated with stress reduction?
    1.1c. Which markers of stress reduction are most useful in studying this effect?
1.2. To what extent does improved immune function mediate observed health benefits of nature contact?
    1.2a. Both short-term and long-term
    1.2b. Which natural elements are most associated with improved immune function?
    1.2c. Which markers of immune function are most useful in studying this effect?
    1.2d. What is the role of the human microbiome in mediating this effect?
1.3. To what extent does social connectedness account for, or mediate, observed health benefits of nature contact?
    1.3a. Both short-term and long-term
    1.3b. Which social arrangements or activities best optimize the benefits of nature contact through this pathway?
1.4. Does nature-based physical activity confer benefits above and beyond equivalent physical activity in nature-free settings?
    1.4a. If so, which natural elements best account for the additional benefits?
1.5. For each of these potential mechanisms, how do other factors—demographic, social, biomedical, and ecological—affect the associations between nature contact and health?

Domain 2: Exposure Science

Exposure science (or exposure assessment) is: “the process of estimating or measuring the magnitude, frequency, and duration of exposure to an agent, along with the number and characteristics of the population exposed. Ideally, it describes the sources, pathways, routes, and the uncertainties in the assessment” (Zartarian et al. 2005). This discipline is a sine qua non of research on environmental impacts on people, whether the research focus is on pathogens, medications, toxic chemicals, social circumstances, or salutary exposures such as nature (Armstrong et al. 2008; Lioy and Weisel 2014; Nieuwenhuijsen 2003). Despite the centrality of exposure assessment in epidemiologic research, there is little agreement on how best to define nature contact for research purposes (Hunter and Luck 2015; Taylor and Hochuli 2017), let alone how to measure it (Mitchell et al. 2011; Wheeler et al. 2015). Various approaches have been used.

In some research, quantitative measures of natural elements serve as metrics of nature contact. Most recent research has measured greenspace; as noted above, greenspace is a more limited construct than nature contact. Two main kinds of exposure metrics are typically used: “cumulative opportunity” and distance (Ekkel and de Vries 2017). Cumulative opportunity refers to the total amount of nearby greenness (on the assumption that nature contact is proportional to this parameter). The most frequently used measure is the Normalized Difference Vegetation Index (NDVI), which assesses the density of photosynthetically active biomass based on satellite imagery (Gascon et al. 2016a; Rhew et al. 2011). Related metrics include the Enhanced Vegetation Index (EVI) (Huete et al. 2002), the Leaf Area Index (LAI) (Hu et al. 2014), the Building Proximity to Green Spaces Index (BGPI) (Li et al. 2014), and Object-Based Image Analysis (OBIA) using light detection and ranging (LiDAR), a laser-based imaging technology (MacFaden et al. 2012). To date, most studies have defined exposure to these quantitative measures based on the residential environment, an approach limited by spatial resolution and subject to misclassification (if people spend highly variable amounts of time at home). However, such data can be combined with Global Positioning System (GPS) tracking using devices such as smartphones to characterize individual exposure patterns as people move about during defined periods of observation (Chaix et al. 2013). The second quantitative approach, distance to greenspace, such as distance from home to a park, uses geospatial information. Few studies have compared cumulative opportunity and distance as exposure assessment strategies, but in studies that used both (Amoly et al. 2014; Coutts et al. 2010; Dadvand et al. 2014b; Jonker et al. 2014; Triguero-Mas et al. 2015), cumulative opportunity was a better predictor of health outcomes (Ekkel and de Vries 2017) [with at least one exception (Grazuleviciene et al. 2015)].
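As an added illustration of the two exposure metrics contrasted above (this example is not from the paper or its authors), the following Python computes a residence-based "cumulative opportunity" metric, the mean NDVI within a circular buffer around the home, alongside the simpler distance-to-nearest-park metric. The NDVI formula (NIR − red)/(NIR + red) is the standard definition rather than something the paper states; the reflectance grids, park coordinates, buffer radius, and function names are all constructed assumptions for the example.

```python
"""Added example (not from the paper): two greenspace exposure metrics,
"cumulative opportunity" (mean NDVI in a buffer around the home) and
distance to the nearest park, computed on a small constructed raster."""
import math
from typing import List, Sequence, Tuple

Grid = List[List[float]]
Point = Tuple[float, float]


def ndvi(nir: float, red: float) -> float:
    """NDVI for one pixel: (NIR - red) / (NIR + red), in the range [-1, 1].
    Green vegetation scores high because leaves reflect near-infrared and
    absorb red; a pixel with no signal in either band is returned as 0."""
    denom = nir + red
    return 0.0 if denom == 0 else (nir - red) / denom


def ndvi_grid(nir: Grid, red: Grid) -> Grid:
    """Pixel-wise NDVI for two bands assumed to be co-registered on one grid."""
    return [[ndvi(n, r) for n, r in zip(nrow, rrow)]
            for nrow, rrow in zip(nir, red)]


def mean_ndvi_within(grid: Grid, home: Tuple[int, int], radius_cells: float) -> float:
    """Cumulative-opportunity metric: mean NDVI over every cell whose centre
    lies within a circular buffer (radius in cell units) of the home cell."""
    hr, hc = home
    vals = [v for r, row in enumerate(grid) for c, v in enumerate(row)
            if math.hypot(r - hr, c - hc) <= radius_cells]
    return sum(vals) / len(vals)


def distance_to_nearest_park(home: Point, parks: Sequence[Point]) -> float:
    """Distance metric: straight-line distance (map units) to the nearest park."""
    return min(math.dist(home, p) for p in parks)


# Constructed 5x5 scene: columns 0-2 are built-up (NIR ~= red, NDVI ~= 0),
# columns 3-4 are vegetated (NIR >> red).  Values are illustrative reflectances.
NIR: Grid = [[0.3, 0.3, 0.3, 0.6, 0.6] for _ in range(5)]
RED: Grid = [[0.3, 0.3, 0.3, 0.1, 0.1] for _ in range(5)]
PARKS: List[Point] = [(3.0, 4.0), (6.0, 8.0)]  # constructed park locations


def exposure_profile(home_cell: Tuple[int, int], home_xy: Point,
                     radius_cells: float = 1.0) -> dict:
    """Both metrics for one residence, so they can be compared side by side."""
    grid = ndvi_grid(NIR, RED)
    return {
        "mean_ndvi_buffer": round(mean_ndvi_within(grid, home_cell, radius_cells), 3),
        "distance_to_park": round(distance_to_nearest_park(home_xy, PARKS), 3),
    }


if __name__ == "__main__":
    # Two residences: one inside the built-up block, one at the vegetated edge.
    for cell, xy in (((2, 1), (0.0, 0.0)), ((2, 3), (2.0, 3.0))):
        print(cell, exposure_profile(cell, xy))
```

The buffer radius and the residence cell are the two parameters that a study would have to fix and report; as the paragraph notes, a residence-only metric also says nothing about how much time the person actually spends at that location.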

Semiquantitative measures of nature contact are also used. Examples include the presence or absence of plants in a classroom (Han 2009), the presence or absence of a tree view from a window (Ulrich 1984), the proportion of aquatic elements in a picture (White et al. 2010), or the density of fish in an aquarium (Cracknell et al. 2016). At a larger spatial scale, land-use or land-cover maps are often used. These maps classify landscape elements as “dense urban,” “forest,” “cropland,” and so on. An extensive listing of such databases is available for the United States at the U.S. Geological Survey Land Cover Institute web site (https://landcover.usgs.gov/) and for the United Kingdom at the U.K. Office for National Statistics Generalised Land Use Database (https://data.gov.uk/dataset/land_use_statistics_generalised_land_use_database). “Exposure” is approximated by integrating the time spent in each setting. Innovative technology permits more complex characterizations. For example, Google Street View can be used to assess the degree of nature encountered by a person at street level (Li et al. 2016). Similarly, social media data can help quantify visits to natural areas and behavior patterns within those areas (Sessions et al. 2016; Wood et al. 2013).

Standard approaches to exposure measurement share at least five limitations. First, they fail to capture variations in how people experience nature, nuances that may be highly relevant to health benefits (Kahn 2010). Suppose that one person sits in a car atop a seaside bluff and admires the view of the beach (while checking e-mail on a smartphone), a second person walks barefoot along the shore, enjoying not only the view but the feel of the sea breeze and the lapping waves, and a third person plunges in for a swim. The designation “beach contact” or a measure of “time at the beach” would fall far short of capturing the variation in their experiences. Among the relevant variables are the specific sensory modalities involved. Most research assumes that people’s contact with nature is visual, but other modes, such as auditory (Conniff and Craig 2016; Feld 2015), tactile, and olfactory, likely play a role. Specific forms of nature contact (Step 4 in Figure 2) need to be identified and measured.

Figure 2 (flow diagram). A proposed framework for studying the health benefits of nature contact (adapted from Shanahan et al. 2015b).

Second, commonly used exposure measures have low reproducibility. Several studies have assessed the concordance among various measures of greenspace or tree canopy. These measures include direct observation; the use of Google Street View, Google Earth, or similar technologies; and the use of secondary sources such as land-cover data sets (Ben-Joseph et al. 2013; Charreire et al. 2014; Clarke et al. 2010; Pliakas et al. 2017; Rundle et al. 2011; Taylor et al. 2011). These studies have generally found poor to fair agreement among the different approaches, suggesting a pervasive problem with measuring greenspace exposure (much less nature contact).

Third, commonly used exposure measures cannot quantify the “dose,” that is to say, what a person experiences during an episode of nature contact. If two people—one observant and highly attuned to nature, the other oblivious or distracted—both walk down the same forest path, they are likely to “absorb” differing levels of nature. “Nature connectedness” and/or awareness may be important (and highly culture-specific) mediators of “dose,” and through it of health benefits (Cervinka et al. 2012; Lin et al. 2014; Perrin and Benassi 2009). Even among people who are highly attuned to nature, perceptions may vary substantially (Beaudreau et al. 2011; Stier et al. 2017). Qualitative measures may have a role in addressing such limitations. Indeed, subjective ratings of vegetation or scenery (Hoyle et al. 2017; Seresinhe et al. 2015) may approximate “dose” as well as, or better than, objective measures. Emerging technologies such as smartphone apps that allow people to describe their surroundings may play an important role here (Schootman et al. 2016). Such crowd-sourced data need to be evaluated in terms of validity and generalizability.

Fourth, standard exposure measures typically focus more on physical than on temporal attributes. As in pharmacology and toxicology, the duration and frequency of exposure are important components of dose. If two people live in the same neighborhood with a certain amount of tree canopy, but one has lived there for 20 y and takes a 30-min walk each day, whereas the other just moved there a year ago and only ventures outside twice a month for 10 min each time, the two people have substantially different exposure profiles, a difference not captured by measures of their neighborhood street canopy.

Fifth, standard exposure measures are not grounded in the ecological elements most relevant to human health and well-being. What is it about a walk in the forest that confers benefits? Is it the vegetation type (Wheeler et al. 2015)? The level of biodiversity (Dallimer et al. 2012; Lovell et al. 2014; Rook 2013)? Does it matter if the trees are in leaf, or is a wintertime walk equally effective? Is wildness required, or does an orderly tree farm or agricultural field suffice? Precisely which elements of exposure need to be measured?

The choice of exposure metrics is consequential; there is evidence that research findings may vary with the exposure metrics used. For example, a study of green space exposure in relation to general health (Akpinar et al. 2016) found that “aggregated green space” performed differently from “forest,” and that urban green space performed differently from rural green space, in predicting mental health complaints.

Research is needed across all metrics of nature exposure to identify the metrics that are most accurate and precise and that best predict human responses of interest. The resulting insights, coupled with better knowledge of mechanisms of benefit, are needed to guide the provision of “the best dose of the best exposures.”

Proposed research priorities

  2.1. Which metrics of nature best predict various health benefits?
  2.2. For each such metric, what is its accuracy? What is its precision?
  2.3. What is the role of subjective assessments, and of “nature connectedness,” in measuring nature contact?
  2.4. How do exposure metrics vary in their performance by population and other factors?
  2.5. What are the roles of duration and frequency of exposure in predicting health benefits?

Domain 3: Epidemiology of Health Benefits

The State of Research

Although recent research has identified many associations between nature contact and health, much remains to be learned. The body of epidemiologic research consists principally of three categories of study: true experiments, “natural experiments,” and observational studies, with observational studies accounting for the preponderance of the literature.

True experiments are the gold standard in science. In the nature and health domain, examples include clinical trials of nature imagery for pain relief during medical procedures (Diette et al. 2003; Lechtzin et al. 2010), of nature adventure therapy in the treatment of post-traumatic stress disorder (PTSD) in veterans (Gelkopf et al. 2013), of horticultural therapy in pain management (Verra et al. 2012), and of park walks in workplace stress management (de Bloom et al. 2017). The challenges of such experiments include their cost and the difficulty of assessing long-term outcomes; indeed, most reported trials have been limited to relatively short-term outcomes. Opportunities include the emergence of innovative techniques for measuring outcomes that can be readily applied in experimental settings (see below).

Natural experiments are study opportunities that resemble experiments but that arise through circumstances outside the investigator’s control (Dunning 2012). In the nature and health domain, examples include a comparison of surgical outcomes in patients with and without views of trees through their hospital room windows (Ulrich 1984); a comparison of women’s health in counties with and without tree loss resulting from emerald ash borer infestation (Donovan et al. 2015); a comparison of self-discipline in children living in public housing with and without nearby trees (Taylor et al. 2002); and a study of crime and stress in relation to the greening of neglected vacant lots, comparing blocks already treated with blocks not yet treated (Branas et al. 2011). In each instance, the strength of the study depends on the extent to which the two groups compared do not differ in ways other than the exposure of interest. Natural experiments have important advantages: they are opportunities to study realistic exposures in realistic settings, they can study long-term outcomes more readily than true experiments, and they can be far less expensive than true experiments. They can yield powerful insights, as illustrated by John Snow’s classic study of water sources during the 1854 cholera epidemic in London (Snow 1855). However, natural experiments pose several challenges for researchers. Practically, they require a nimble and rapid response once a study opportunity is recognized, often exceeding the capacity of funders, ethics committees, and other institutional structures. The thornier challenge is conceptual: natural experiments are highly susceptible to bias, that is to say, to the tendency for exposure to vary across a study population by factors that are also associated with outcomes (Craig et al. 2012; Rutter 2007). Confounding and reverse causation can be difficult to exclude. For example, if people who walk in natural settings evince lower levels of stress than those who do not, is that because the nature contact has a salutary effect, or is it because people who are better at managing their stress choose to take more nature walks?

Finally, retrospective observational studies comprise the bulk of the literature on nature contact and health. Examples include the many recent studies of various health outcomes according to the greenness of residential neighborhoods. These studies have several advantages. They are practical. They can be conducted more rapidly than prospective studies. They can readily address long-term health outcomes. By using data collected for other purposes, they reduce costs. However, they also face the considerable challenges of controlling bias and confounding as well as the potential limits of data not designed specifically for testing nature–health hypotheses.

Directions for Future Research

Potential enhancements in epidemiologic research on the nature–health connection include innovative data sources, more diverse study settings, improved exposure assessment (discussed above), innovative outcome measures, and improved analytical approaches.

With respect to data sources, one option is tapping into large, ongoing cohort studies. For example, a recent analysis of the Nurses’ Health Study (NHS) examined the association between residential greenness and causes of death (James et al. 2016). This analysis benefited from the well-established, high-quality exposure and outcome data in an ongoing study. A related option is adding measures of nature contact to ongoing studies. For instance, both the Behavioral Risk Factor Surveillance System (BRFSS) and the National Health Interview Survey (NHIS) inquire about physical activity, but until now, neither has inquired about whether that activity takes place outdoors.

Improved computing capabilities offer the possibility of acquiring and analyzing “big data” from innovative sources. Examples include administrative data from health care systems (Birkhead et al. 2015; Mazzali and Duca 2015), mobile health data (Chen et al. 2012; Hayden 2016), environmental sources such as Google Street View and webcams (Schootman et al. 2016), and social media sources such as Twitter (Hamad et al. 2016). For instance, with smartphone apps such as Mappiness (http://www.mappiness.org.uk/), Track Your Happiness (https://www.trackyourhappiness.org/), and Urban Mind (https://www.urbanmind.info/), users record their emotions. These responses are geolocated, permitting the study of minute-to-minute associations between proximity to nature and emotional states. The same is true for disease-specific apps such as Share the Journey, developed to study breast cancer (http://sharethejourneyapp.org/).

With regard to study settings, most studies of nature contact and health have been carried out in cool, temperate climates, generally in high-income countries. Relatively little research has evaluated desert, mountainous, or shoreline landscapes—places where major population centers are located. Similarly, little research has been based in low- and middle-income settings, with their distinct profiles of environmental conditions and health vulnerabilities. Epidemiologic research in such settings will extend knowledge considerably.

Innovative outcome measures offer great promise when applied to health research on nature exposure (Haluza et al. 2014). These measures include stress indicators such as cortisol, amylase, and skin conductance (Beil and Hanes 2013; Jiang et al. 2014; JJ Roe et al. 2013); measures of brain activity including novel EEG methods (Aspinall et al. 2015; J Roe et al. 2013; Tilley et al. 2017) and functional brain imaging (Bratman et al. 2015b); genetic markers such as leukocyte basal gene expression profiles (Fredrickson et al. 2013); and telomere shortening (Woo et al. 2009). The use of physiological measurements may help elucidate mechanisms of action, as discussed above.

Finally, because nature contact invariably operates as part of a complex web of health determinants, statistical analysis must address this complexity. Analytical techniques including multilevel analysis (Diez-Roux 2000), complex causal process diagrams (Joffe and Mindell 2006), path analysis and structural equations, and the use of counterfactuals (Berzuini et al. 2012; Pearl 2009; Pearl et al. 2016) may all be useful in controlling bias and confounding; in disentangling multivariate, multilevel, bidirectional associations; and in clarifying causal pathways.

Advancing epidemiologic research requires both the improved methods described above as well as confirmation and clarification of specific associations. Figure 2 (based on Shanahan et al. 2015b) shows a model for this research. In this figure, a natural element such as tree canopy is identified and associated with defined functions (such as casting a shadow) that have direct or indirect effects on people (such as reducing UV radiation exposure) that in turn affect health (such as reducing skin cancer risk). The association between ecosystem functions and human effects may be subject to mediation and effect modification by a range of factors; these are encompassed by the term “moderating factors” in Figure 2.

Of the innumerable potential associations between nature contact and health, which are the most important to study? Although priorities will vary from setting to setting, the most common exposures (for example, urban greenspace, given the preponderance of people who live in cities) and the most common and/or high-consequence outcomes (such as conditions that account for a high burden of suffering) should be research priorities. Research should also focus on characterizing associations in ways that are relevant to practice, such as by defining dose–response relationships. Additionally, as discussed below, research should focus on subpopulations at particular risk or on those that could benefit disproportionately from nature contact, such as children, the elderly, and deprived groups.

Proposed research priorities

  3.1. How is nature contact associated with specific health outcomes of public health importance, such as cardiovascular disease, cancer, depression, anxiety, well-being, and happiness?
    3.a. How do these associations vary across different populations, life stages, and other factors?
    3.b. Which forms of nature contact are most beneficial?
  3.2. What “dose” and duration of exposure are needed to yield a benefit? How long does the beneficial effect last? Can habituation occur, with attenuated benefit over time?
  3.3. If people born and raised in one setting relocate to a setting with different natural features, do the benefits of nature contact still operate?
  3.4. Are there particular benefits from contact with landscapes or ecosystems that align with human evolutionary origins and/or with conservation priorities?
  3.5. What are the adverse effects, if any, of nature contact?

Domain 4: Diversity and Equity—The Role of Nature Contact

At least four major strands of research are needed with respect to diversity and equity: a) patterns of disproportionate exposure; b) cultural and contextual factors that affect nature preferences and the experience of nature; c) differing patterns of benefit across different populations; and d) the possibility that improved access to nature may have unintended negative consequences on vulnerable populations.

With respect to disparities in access to nature, there is considerable evidence that disadvantaged urban populations are relatively deprived of access to nature and greenspace (Astell-Burt et al. 2014b; Boone et al. 2009; Dahmann et al. 2010; Heynen et al. 2006; Jennings and Gaither 2015; Jennings et al. 2016; Li et al. 2016; Pedlowski et al. 2002; Schwarz et al. 2015; Wolch et al. 2014). Much of this research centers on park access in urban settings. In some circumstances, studies have shown disadvantaged populations to have equal or greater proximity to parks and tree canopy (Barbosa et al. 2007; Cutts et al. 2009; Rigolon 2016; Schwarz et al. 2015; Vaughan et al. 2013; Wen et al. 2013), but typically in these situations, the quality of the parks, the level of programming, and/or park access remain significant barriers to park use.

There is also evidence that nature preferences vary across ethnic, cultural, and racial backgrounds. Tragically, the legacy of forced labor, lynchings, and other violence may evoke deeply disturbing associations with trees, fields, and forests among some African Americans (Johnson et al. 1997; Johnson and Bowker 2004). Diverse populations also express diverse preferences with respect to greenspace: a baseball diamond for some, a soccer field for others, picnic facilities for still others (Gobster 2002; Ho et al. 2005; Payne et al. 2002; Smiley et al. 2016). Similarly, the preferred forms of nature contact may vary: a group activity for some, solitary hikes for others. Such differences are deeply rooted in historical and geographic context (Buijs et al. 2009; Byrne and Wolch 2009). Livelihood may play an important role: a rural farmer likely has quite different preferences regarding nature from those of an urban computer programmer. These cultural and other filters may help determine whether, and how, nature contact confers health benefits. (There are limits to this approach: people may not fully recognize and report their own preferences, and attention restoration or other mechanisms could operate independently of preference or even awareness.) Research is needed to clarify the origin and durability of such preferences and their effects on health benefits. In practical terms, research on how best to engage communities in planning parks and greenspace will likely yield the best-performing facilities in terms of park use, health, and well-being.

There is evidence that contact with nature and greenspace may disproportionately benefit disadvantaged populations, attenuating the toxic effects of poverty and reducing health disparities, the so-called “equigenic” effect (Lachowycz and Jones 2014; Maas et al. 2006; Mitchell and Popham 2007, 2008; Mitchell et al. 2015). This effect needs to be confirmed and clarified in different settings, using a variety of study designs. If nature contact can help mitigate the toxic effects of poverty, this information could help guide interventions both to achieve social justice goals and to realize the greatest return on investment in terms of human well-being.

Finally, improvements in access to greenspace may lead to “green gentrification,” an increase in property values that displaces low-income residents from their neighborhoods (Anguelovski 2017; Lewis and Gould 2017; Miller 2016; Wolch et al. 2014). This process needs to be studied and understood so that its adverse effects can be prevented.

Research on these dimensions of equity with respect to nature contact will permit both understanding the interplay of social disadvantage and nature contact and designing and targeting the most effective strategies for improving health and well-being for all (Rutt and Gulsrud 2016; Smiley et al. 2016).

Potential research priorities

  4.1. How does access to nature vary by socioeconomic status, ethnicity, cultural background, and other social factors, in specific settings?
  4.2. How do preferences and perceptions of nature vary by socioeconomic status, ethnicity, and other demographic factors, in specific settings, and how do these differences affect choices regarding time in nature?
  4.3. What are the obstacles, both subjective and objective, to increasing the frequency of nature contact for disadvantaged communities?
  4.4. How do the benefits of nature contact vary by socioeconomic status, ethnicity, and other demographic factors, in specific settings?
  4.5. What unintended negative consequences flow from “green gentrification,” and what policies and practices help avoid those consequences?

Domain 5: Technological Nature

Modern information and communication technology that leverages digital computation is becoming exponentially more sophisticated and pervasive and may profoundly alter the human relationship with nature (Kahn 2011; Kurzweil 2005). Increasing use of technology, as exemplified by growing “screen time,” particularly among children, can compete with activities such as play in natural settings (Radesky and Christakis 2016; Vanderloo 2014); this concern has been serious enough to prompt the American Academy of Pediatrics to recommend limits on children’s screen time (Council on Communications and Media 2016).

However, technology does not only interfere with nature contact. “Technological nature” refers to technologies that mediate, simulate, promote, and/or augment the human experience of nature (Kahn 2011). Examples include real-time digital screen representations of local nature (digital nature “windows”), robot pets, and tele-robot-operated gardens. Virtual reality applications may simulate nature-based experiences (Guttentag 2010; Schutte et al. 2017), and the Pokémon Go game, during a peak in popularity in 2016, may have triggered outdoor activity (although the quality of the resulting nature interaction is unknown) (Althoff et al. 2016; Dorward et al. 2017; Howe et al. 2016). Other smartphone apps may facilitate or inform a connection with nature; examples include apps that assist with identifying trees, birds, or constellations.

Studies of people interacting with technological nature have begun to suggest that such interaction is better for people than no exposure to nature, but not as beneficial as genuine nature exposure (Kahn Jr et al. 2008; Kahn 2011; Melson et al. 2009). However, whether this initial trend generalizes across a wide range of human metrics, and if so, whether it will persist with increasing fidelity of technological nature, remain open questions. Research could also focus on the ways in which technological nature could broaden and even change the human experience of nature. One near-future example is linking apps with networked artificial intelligence conversational systems. Virtual reality is also a near-future pervasive form of interaction in social media and beyond, including in contact with the natural world (Guttentag 2010). Because of the growing role of technology in human–nature interactions, it is important to understand how best to harness technology to maximize health benefits.

Technological nature may be useful in another way: laboratory-based controlled experiments utilizing technology may help tease apart which aspects of the nature experience have which effects on people and how these effects are moderated according to individual differences. Here again, attention would need to be paid to how the technological nature experience compares to the actual nature experience.

Proposed research priorities

  5.1. How can specific forms of technological nature increase and deepen the human experience of nature?
  5.2. Where, how, and why does technological nature fall short in conferring human benefits relative to the actual experience of nature?
  5.3. What forms of technological nature contact provide health benefits, and what are those benefits?
  5.4. How do these findings vary by technology, context, and across age groups and other demographic factors?
  5.5. What insights can virtual nature contact provide into the causal mechanisms of psychological benefits, and how ecologically valid will these insights be?

Domain 6: Economic and Policy Studies, Including Cobenefits

The benefits of nature contact need to be studied and tested not only as scientific hypotheses but also as policy propositions; this requires quantitative estimates of the value of these benefits. The principal intellectual framework for this approach comes from the field of ecological economics (Costanza 2015; Farley and Daly 2011; Stagl and Common 2005), and more particularly from the analysis and valuation of ecosystem services (Hester and Harrison 2010; Ninan and Costanza 2014; Ruckelshaus et al. 2015). Both civil society (Harnik and Welle 2009; NRPA 2015) and academic researchers (Naidoo et al. 2006; Roy et al. 2012; Shoup 2010) characterize the ecosystem services provided by parks and greenspace, tree canopy, open land, and other natural assets. However, these analyses generally focus on biophysical processes such as storm water management, air quality, and erosion control, omitting explicit consideration of human health and well-being. Key reports often fail even to mention human health, much less to quantify it as an ecosystem service (Fisher et al. 2009; Posner et al. 2016; Seppelt et al. 2011)—an omission that is likely to lead to incorrect conclusions and suboptimal policies.

Fortunately, recent publications have begun to integrate human health into ecosystem services analyses (Bayles et al. 2016; Breslow et al. 2016; Ford et al. 2015; Lindgren and Elmqvist 2017; Salmond et al. 2016; Sandifer et al. 2015; Willis and Petrokofsky 2017) and even to propose quantitative metrics (Jackson et al. 2013; Smith et al. 2013). In some cases, research identifies and quantifies the health cobenefits of green infrastructure and/or conservation efforts, providing a more complete picture than would otherwise be available (Coutts and Hahn 2015; Larsen et al. 2012; Wolf and Robbins 2015). Health economics research can help value both health gains and relatively intangible benefits such as aesthetic enjoyment and happiness, as well as help quantify avoided health care costs, attributable to nature contact. Although precise estimates may be elusive and uncertainty must be acknowledged, in many cases, health benefits will be large enough to rival other ecosystem services in value. Importantly, this work needs to take a life course approach; although average medical costs during childhood are low, investments in nature contact early in life may yield substantial health improvements, and avoided medical costs, later in life (Wolf et al. 2015). Moreover, analysis needs to account for disbenefits of nature contact, such as allergic reactions and excessive sunlight exposure. Much more research and analysis are needed to address these issues.

Cost–benefit analyses need to estimate how much benefit will flow from specific kinds of investments in nature contact and to make comparisons among policy alternatives, a key consideration for city officials, park managers, and other decision makers confronting the reality of limited resources (Ruckelshaus et al. 2015). This research requires mechanistic models that can predict a mix of monetary and nonmonetary ecosystem services. Teams of scientists and policy makers need to be highly multidisciplinary to perform “full benefit accounting” that considers both health benefits and nonhealth benefits (ranging from storm water management to biodiversity protection to enhanced property value) of nature’s services.

As noted above, policy research needs to include a strong focus on equity issues—from documenting disparities in nature access to testing solutions to preventing gentrification and other unintended consequences of interventions.

Proposed research priorities

  6.1. What are the best methods for valuing the health benefits of nature?
  6.2. What is the health-related value of various forms of nature contact?
    6.2a. Cost–benefit analyses
    6.2b. Cost-effectiveness analyses
    6.2c. Long-term analyses across the life span
    6.2d. Integration with other ecosystem services assessments
  6.3. What are the optimal methods of combining both health and nonhealth cobenefits of various forms of nature contact?

Domain 7: Implementation Science—Studies of What Works

Research findings do not necessarily translate into action. According to one leading researcher, “[d]issemination and implementation of research findings into practice are necessary to achieve a return on investment in our research enterprise and to apply research findings to improve outcomes in the broader community” (Colditz 2012). This is the motivation for implementation science—research that “supports movement of evidence-based effective health care and prevention strategies or programs from the clinical or public health knowledge base into routine use” (Colditz 2012). Although descriptive studies can identify and quantify health benefits of nature contact, intervention studies are needed to determine what works in practice (Kondo et al. 2015).

Like translational research in medicine, designed to bring research findings “from the bench to the bedside” to improve patient outcomes, studies of the nature–health association can be designed with real-world application in mind. Such studies might be structured as true experiments, consistent with clinical trials used routinely in biomedical research. They might also take the form of program evaluations following a wide range of interventions. Integrated quantitative and qualitative research may provide the most comprehensive understanding of health impacts, from individual to community scales. Important products of such work are predictive models and decision tools for use by planners and decision makers. For example, some cities use tools such as the U.S. Forest Service’s i-Tree software (http://www.itreetools.org/) to analyze environmental services associated with tree planting. Might further development of such tools incorporate additional mental and physical health benefits?

Proposed research priorities

(Examples only; research topics in this domain will vary by particular circumstances)

  7.1. With respect to specific interventions designed to promote health and well-being through nature contact, how are they implemented (legal and administrative arrangements, partnerships, costs, and financial mechanisms), and how do they work (in terms of attracting people and yielding desired outcomes)? Examples of potential high-impact research include the following:
    7.1a. Which trail and park designs perform best in promoting physical activity (Qviström 2016)?
    7.1b. How should children’s play spaces be designed to optimize nature contact (Gundersen et al. 2016)?
    7.1c. Which configurations of children’s outdoor schools optimize health, social relationships, and learning (Roe and Aspinall 2011; Söderström et al. 2013)?
    7.1d. Which design features in natural settings (such as sweeping views, known as “prospect,” and safe places to hide, known as “refuge”) make them most restorative (Gatersleben and Andrews 2013)?
    7.1e. What dose of nature is needed to optimize benefits (Hunter and Askarinejad 2015; Shanahan et al. 2015a, 2016)? How is that dose most effectively delivered? Are programs such as Park Prescriptions, in which health care providers direct their patients to spend time in natural settings, effective (Coffey and Gauderer 2016)?
    7.1f. Which outdoor programs most effectively treat post-traumatic stress disorder in veterans (Poulsen et al. 2015)?
    7.1g. What is the efficacy of horticultural therapy in treating dementia, anxiety, stress, and other conditions in the institutionalized and noninstitutionalized elderly (Detweiler et al. 2012)?

Conclusions

According to the best available evidence, nature contact offers considerable promise in addressing a range of health challenges, including many, such as obesity, cardiovascular disease, depression, and anxiety, that are public health priorities. Nature contact offers promise both as prevention and as treatment across the life course. Potential advantages include low costs relative to conventional medical interventions, safety, practicality, not requiring dispensing by highly trained professionals, and multiple cobenefits. Few medications can boast these attributes.

However, many questions regarding the health benefits of nature contact remain unanswered. A robust program of scientific research is needed to generate evidence-based answers to these questions. This paper has identified seven domains of research that, together, frame an agenda for needed research: mechanistic biomedical studies, exposure science, epidemiologic studies, studies focusing on diversity and equity, studies of technological nature, economic and policy studies, and implementation science. Although particular challenges exist in such areas as exposure assessment, innovative data sources and analytical techniques represent exciting opportunities. The results of such research will guide interventions across a wide range of settings, populations, spatial scales, and forms of nature. Health professionals, ecologists, landscape architects, parks staff, educators, and many others will in turn be able to apply these results to improve health and well-being on a large scale.

Acknowledgments

This research agenda was facilitated by the Center for Creative Conservation at the University of Washington, which receives partial support from REI. Support for K.L.W. was provided by the Pacific Northwest Research Station, U.S. Department of Agriculture Forest Service. Support for G.N.B. was provided by the Wallenberg Foundation.

References

Akpinar A, Barbosa-Leiker C, Brooks KR. 2016. Does green space matter? Exploring relationships between green space type and health indicators. Urb Forestry Urb Greening 20:407–418, 10.1016/j.ufug.2016.10.013.

Althoff T, White RW, Horvitz E. 2016. Influence of Pokémon Go on physical activity: Study and implications. J Med Internet Res 18:e315, PMID: 27923778, 10.2196/jmir.6759.

Alvey AA. 2006. Promoting and preserving biodiversity in the urban forest. Urb Forestry Urb Greening 5:195–201, 10.1016/j.ufug.2006.09.003.

Ambrey CL, Cartlidge N. 2017. Do the psychological benefits of greenspace depend on one’s personality? Pers Individ Dif 116:233–239, 10.1016/j.paid.2017.05.001.

Ambrey CL. 2016. An investigation into the synergistic wellbeing benefits of greenspace and physical activity: moving beyond the mean. Urb Forestry Urb Greening 19:7–12, 10.1016/j.ufug.2016.06.020.

Amoly E, Dadvand P, Forns J, Lopez-Vicente M, Basagana X, Julvez J, et al. 2014. Green and blue spaces and behavioral development in Barcelona schoolchildren: The BREATHE project. Environ Health Perspect 122(12):1351–1358, PMID: 25204008, 10.1289/ehp.1408215.

Andrusaityte S, Grazuleviciene R, Kudzyte J, Bernotiene A, Dedele A, Nieuwenhuijsen MJ. 2016. Associations between neighbourhood greenness and asthma in preschool children in Kaunas, Lithuania: a case–control study. BMJ Open 6(4):e010341, PMID: 27067890, 10.1136/bmjopen-2015-010341.

Anguelovski I. 2017. Urban greening as the ultimate urban environmental justice tragedy? Planning Theory 16(1):NP2–NP23, 10.1177/1473095216654448.

Armstrong BK, Saracci R, White E. 2008. Principles of Exposure Measurement in Epidemiology: Collecting, Evaluating, and Improving Measures of Disease Risk Factors. 2nd ed. Oxford, UK:Oxford University Press.

Aspinall P, Mavros P, Coyne R, Roe J. 2015. The urban brain: analysing outdoor physical activity with mobile EEG. Br J Sports Med 49(4):272–276, PMID: 23467965, 10.1136/bjsports-2012-091877.

Astell-Burt T, Feng X, Kolt GS. 2013. Does access to neighbourhood green space promote a healthy duration of sleep? Novel findings from a cross-sectional study of 259 319 Australians. BMJ Open 3(8):e003094, 10.1136/bmjopen-2013-003094.

Astell-Burt T, Feng X, Kolt GS. 2014a. Is neighborhood green space associated with a lower risk of type 2 diabetes? Evidence from 267,072 Australians. Diabetes Care 37:197–201, PMID: 24026544, 10.2337/dc13-1325.

Astell-Burt T, Feng X, Mavoa S, Badland HM, Giles-Corti B. 2014b. Do low-income neighbourhoods have the least green space? a cross-sectional study of Australia’s most populous cities. BMC Public Health 14:292, PMID: 24678610, 10.1186/1471-2458-14-292.

Astell-Burt T, Mitchell R, Hartig T. 2014c. The association between green space and mental health varies across the lifecourse. A longitudinal study. J Epidemiol Community Health 68:578–583, 10.1136/jech-2013-203767.

Balseviciene B, Sinkariova L, Grazuleviciene R, Andrusaityte S, Uzdanaviciute I, Dedele A, et al. 2014. Impact of residential greenness on preschool children’s emotional and behavioral problems. Int J Environ Res Public Health 11(7):6757–6770, PMID: 24978880, 10.3390/ijerph110706757.

Bancroft C, Joshi S, Rundle A, Hutson M, Chong C, Weiss CC, et al. 2015. Association of proximity and density of parks and objectively measured physical activity in the United States: a systematic review. Soc Sci Med 138:22–30, PMID: 26043433, 10.1016/j.socscimed.2015.05.034.

Barbosa O, Tratalos JA, Armsworth PR, Davies RG, Fuller RA, Johnson P, et al. 2007. Who benefits from access to green space? A case study from Sheffield, UK. Landsc Urban Plan 83(2–3):187–195, 10.1016/j.landurbplan.2007.04.004.

Barker SB, Wolen AR. 2008. The benefits of human-companion animal interaction: a review. J Vet Med Educ 35(4):487–495, PMID: 19228898, 10.3138/jvme.35.4.487.

Barton J, Bragg R, Wood C, Pretty J, eds. 2016. Green Exercise: Linking Nature, Health and Well-Being. Abingdon, UK:Earthscan/Routledge.

Bauman A, Merom D, Bull FC, Buchner DM, Fiatarone Singh MA. 2016. Updating the evidence for physical activity: Summative reviews of the epidemiological evidence, prevalence, and interventions to promote “active aging”. Gerontologist 56(suppl2):S268–S280, 10.1093/geront/gnw031.

Bayles BR, Brauman KA, Adkins JN, Allan BF, Ellis Am, Goldberg TL, et al. 2016. Ecosystem services connect environmental change to human health outcomes. EcoHealth 13(3):443–449, PMID: 27357081, 10.1007/s10393-016-1137-5.

Beaudreau AH, Levin PS, Norman KC. 2011. Using folk taxonomies to understand stakeholder perceptions for species conservation. Conserv Lett 4(6):451–463, 10.1111/j.1755-263X.2011.00199.x.

Beil K, Hanes D. 2013. The influence of urban natural and built environments on physiological and psychological measures of stress: a pilot study. Int J Environ Res Public Health 10(4):1250–1267, PMID: 23531491, 10.3390/ijerph10041250.

Bell JF, Wilson JS, Liu GC. 2008. Neighborhood greenness and 2-year changes in body mass index of children and youth. Am J Prev Med 35(6):547–553, PMID: 19000844, 10.1016/j.amepre.2008.07.006.

Ben-Joseph E, Lee JS, Cromley EK, Laden F, Troped PJ. 2013. Virtual and actual: Relative accuracy of on-site and web-based instruments in auditing the environment for physical activity. Health Place 19:138–150, PMID: 23247423, 10.1016/j.healthplace.2012.11.001.

Berland A, Shiflett SA, Shuster WD, Garmestani AS, Goddard HC, Herrmann DL, et al. 2017. The role of trees in urban stormwater management. Landsc Urban Plan 162:167–177, 10.1016/j.landurbplan.2017.02.017.

Berto R. 2014. The role of nature in coping with psycho-physiological stress: A literature review on restorativeness. Behav Sci (Basel) 4(4):394–409, 10.3390/bs4040394.

Berzuini C, Dawid P, Bernardinelli L, Berzuini C. 2012. Causality: Statistical Perspectives and Applications. Hoboken, NJ:Wiley.

Beyer KMM, Kaltenbach A, Szabo A, Bogar S, Nieto FJ, Malecki KM. 2014. Exposure to neighborhood green space and mental health: Evidence from the survey of the health of Wisconsin. Int J Environ Res Public Health 11(3):3453–3472, 10.3390/ijerph110303453.

Bijker RA, Sijtsma FJ. 2017. A portfolio of natural places: using a participatory GIS tool to compare the appreciation and use of green spaces inside and outside urban areas by urban residents. Landsc Urban Plan 158:155–165, 10.1016/j.landurbplan.2016.10.004.

Bingham DD, Costa S, Hinkley T, Shire KA, Clemes SA, Barber SE. 2016. Physical activity during the early years: a systematic review of correlates and determinants. Am J Prev Med 51(3):384–402, PMID: 27378255, 10.1016/j.amepre.2016.04.022.

Birkhead GS, Klompas M, Shah NR. 2015. Uses of electronic health records for public health surveillance to advance public health. Annu Rev Public Health 36:345–359, PMID: 25581157, 10.1146/annurev-publhealth-031914-122747.

Blumenthal DS, Diclemente RJ, Braithwaite R, Smith SA. 2013. Community-Based Participatory Health Research: Issues, Methods, and Translation to Practice. 2nd ed. New York, NY:Springer.

Bodicoat DH, O’Donovan G, Dalton AM, Gray LJ, Yates T, Edwardson C, et al. 2014. The association between neighbourhood greenspace and type 2 diabetes in a large cross-sectional study. BMJ Open 4:e006076, 10.1136/bmjopen-2014-006076.

Bogar S, Beyer KM. 2016. Green space, violence, and crime. Trauma Violence Abuse 17(2):160–171, PMID: 25824659, 10.1177/1524838015576412.

Bolund P, Hunhammar S. 1999. Ecosystem services in urban areas. Ecol Econ 29(2):293–301, 10.1016/S0921-8009(99)00013-0.

Boone CG, Buckley GL, Grove JM, Sister C. 2009. Parks and people: an environmental justice inquiry in Baltimore, Maryland. Ann Assoc Am Geogr 99(4):767–787, 10.1080/00045600903102949.

Bowler DE, Buyung-Ali L, Knight TM, Pullin AS. 2010. Urban greening to cool towns and cities: a systematic review of the empirical evidence. Landsc Urban Plan 97:147–155, 10.1016/j.landurbplan.2010.05.006.

Bowler DE, Buyung-Ali LM, Knight TM, Pullin AS. 2010. A systematic review of evidence for the added benefits to health of exposure to natural environments. BMC Public Health 10:456, PMID: 20684754, 10.1186/1471-2458-10-456.

Branas CC, Cheney RA, MacDonald JM, Tam VW, Jackson TD, Ten Have TR. 2011. A difference-in-differences analysis of health, safety, and greening vacant urban space. Am J Epidemiol 174(11):1296–1306, PMID: 22079788, 10.1093/aje/kwr273.

Bratman GN, Daily GC, Levy BJ, Gross JJ. 2015a. The benefits of nature experience: improved affect and cognition. Landsc Urban Plan 138:41–50, 10.1016/j.landurbplan.2015.02.005.

Bratman GN, Hamilton JP, Daily GC. 2012. The impacts of nature experience on human cognitive function and mental health. Ann N Y Acad Sci 1249:118–136, PMID: 22320203, 10.1111/j.1749-6632.2011.06400.x.

Bratman GN, Hamilton JP, Hahn KS, Daily GC, Gross JJ. 2015b. Nature experience reduces rumination and subgenual prefrontal cortex activation. Proc Natl Acad Sci USA 112(28):8567–8572.

Breslow SJ, Sojka B, Barnea R, Basurto X, Carothers C, Charnley S, et al. 2016. Conceptualizing and operationalizing human wellbeing for ecosystem assessment and management. Environ Sci Policy 66:250–259, 10.1016/j.envsci.2016.06.023.

Brown SC, Lombard J, Wang K, Byrne MM, Toro M, Plater-Zyberk E, et al. 2016. Neighborhood greenness and chronic health conditions in Medicare beneficiaries. Am J Prev Med 51(1):78–89, PMID: 27061891, 10.1016/j.amepre.2016.02.008.

Broyles ST, Mowen AJ, Theall KP, Gustat J, Rung AL. 2011. Integrating social capital into a park-use and active-living framework. Am J Prev Med 40(5):522–529, PMID: 21496751, 10.1016/j.amepre.2010.12.028.

Brunson L, Kuo FE, Sullivan WC. 2001. Resident appropriation of defensible space in public housing: implications for safety and community. Environ Behav 33(5):626–652, 10.1177/00139160121973160.

Buijs AE, Elands BHM, Langers F. 2009. No wilderness for immigrants: cultural differences in images of nature and landscape preferences. Landsc Urban Plan 91:113–123, 10.1016/j.landurbplan.2008.12.003.

Byrne J, Wolch J. 2009. Nature, race, and parks: past research and future directions for geographic research. Prog Hum Geogr 33(6):743–765, 10.1177/0309132509103156.

Calogiuri G, Chroni S. 2014. The impact of the natural environment on the promotion of active living: an integrative systematic review. BMC Public Health 14:873, PMID: 25150711, 10.1186/1471-2458-14-873.

Cervinka R, Röderer K, Hefler E. 2012. Are nature lovers happy? On various indicators of well-being and connectedness with nature. J Health Psychol 17(3):379–388, PMID: 21859800, 10.1177/1359105311416873.

Chaix B, Meline J, Duncan S, Merrien C, Karusisi N, Perchoux C, et al. 2013. GPS tracking in neighborhood and health studies: a step forward for environmental exposure assessment, a step backward for causal inference? Health Place 21:46–51, PMID: 23425661, 10.1016/j.healthplace.2013.01.003.

Charreire H, Mackenbach JD, Ouasti M, Lakerveld J, Compernolle S, Ben-Rebah M, et al. 2014. Using remote sensing to define environmental characteristics related to physical activity and dietary behaviours: a systematic review (The Spotlight Project). Health Place 25:1–9, PMID: 24211730, 10.1016/j.healthplace.2013.09.017.

Chen C, Haddad D, Selsky J, Hoffman JE, Kravitz RL, Estrin DE, et al. 2012. Making sense of mobile health data: an open architecture to improve individual- and population-level health. J Med Internet Res 14(4):e112, 10.2196/jmir.2152.

Clarke P, Ailshire J, Melendez R, Bader M, Morenoff J. 2010. Using Google Earth to conduct a neighborhood audit: reliability of a virtual audit instrument. Health Place 16(6):1224–1229, PMID: 20797897, 10.1016/j.healthplace.2010.08.007.

Cleland V, Crawford D, Baur LA, Hume C, Timperio A, Salmon J. 2008. A prospective examination of children’s time spent outdoors, objectively measured physical activity and overweight. Int J Obes Relat Metab Disord 32:1685–1693, 10.1038/ijo.2008.171.

Clements R. 2004. An investigation of the status of outdoor play. Contemp Iss Early Child 5(1):68–80, 10.2304/ciec.2004.5.1.10.

Coffey JS, Gauderer L. 2016. When pediatric primary care providers prescribe nature engagement at a state park, do children “fill” the prescription? Ecopsychology 8(4):207–214, 10.1089/eco.2016.0019.

Cohen-Cline H, Turkheimer E, Duncan GE. 2015. Access to green space, physical activity and mental health: a twin study. J Epidemiol Community Health 69(6):523–529, PMID: 25631858, 10.1136/jech-2014-204667.

Colditz GA. 2012. The promise and challenges of dissemination and implementation research. In: Dissemination and Implementation Research in Health: Translating Science into Practice. Brownson RC, Colditz GA, Proctor EK, eds. Oxford, UK:Oxford University Press, 3–22.

Collado S, Corraliza JA, Staats H, Ruiz M. 2015. Effect of frequency and mode of contact with nature on children’s self-reported ecological behaviors. J Environ Psychol 41:65–73, 10.1016/j.jenvp.2014.11.001.

Conniff A, Craig T. 2016. A methodological approach to understanding the wellbeing and restorative benefits associated with greenspace. Urb Forestry Urb Greening 19:103–109, 10.1016/j.ufug.2016.06.019.

Coon JT, Boddy K, Stein K, Whear R, Barton J, Depledge MH. 2011. Does participating in physical activity in outdoor natural environments have a greater effect on physical and mental wellbeing than physical activity indoors? A systematic review. Environ Sci Technol 45(5):1761–1772, 10.1021/es102947t.

Costanza R. 2015. An Introduction to Ecological Economics. 2nd ed. Boca Raton, FL:CRC Press.

Council on Communications and Media. 2016. Media use in school-aged children and adolescents. Pediatrics 138(5):e20162592.

Coutts C, Hahn M. 2015. Green infrastructure, ecosystem services, and human health. Int J Environ Res Public Health 12(8):9768–9798, PMID: 26295249, 10.3390/ijerph120809768.

Coutts C, Horner M, Chapin T. 2010. Using geographical information system to model the effects of green space accessibility on mortality in Florida. Geocarto Int 25(6):471–484, 10.1080/10106049.2010.505302.

Cracknell D, White MP, Pahl S, Nichols WJ, Depledge MH. 2016. Marine biota and psychological well-being: A preliminary examination of dose–response effects in an aquarium setting. Environ Behav 48(10):1242–1269, 10.1177/0013916515597512.

Craig P, Cooper C, Gunnell D, Haw S, Lawson K, Macintyre S, et al. 2012. Using natural experiments to evaluate population health interventions: New Medical Research Council guidance. J Epidemiol Community Health 66(12):1182–1186, PMID: 22577181, 10.1136/jech-2011-200375.

Cronon W. 1996. Uncommon Ground: Rethinking the Human Place in Nature. New York, NY:W.W. Norton & Co.

Cutts BB, Darby KJ, Boone CG, Brewis A. 2009. City structure, obesity, and environmental justice: an integrated analysis of physical and social barriers to walkable streets and park access. Soc Sci Med 69(9):1314–1322, 10.1016/j.socscimed.2009.08.020.

Dadvand P, Villanueva CM, Font-Ribera L, Martinez D, Basagana X, Belmonte J, et al. 2014a. Risks and benefits of green spaces for children: a cross-sectional study of associations with sedentary behavior, obesity, asthma, and allergy. Environ Health Perspect 122(12):1329–1335, PMID: 25157960, 10.1289/ehp.1308038.

Dadvand P, Wright J, Martinez D, Basagaña X, McEachan RRC, Cirach M, et al. 2014b. Inequality, green spaces, and pregnant women: roles of ethnicity and individual and neighbourhood socioeconomic status. Environ Int 71:101–108, 10.1016/j.envint.2014.06.010.

Dadvand P, Bartoll X, Basagaña X, Dalmau-Bueno A, Martinez D, Ambros A, et al. 2016. Green spaces and general health: roles of mental health status, social support, and physical activity. Environ Int 91:161–167, PMID: 26949869, 10.1016/j.envint.2016.02.029.

Dahmann N, Wolch J, Joassart-Marcelli P, Reynolds K, Jerrett M. 2010. The active city? Disparities in provision of urban public recreation resources. Health Place 16(3):431–445, PMID: 20056472, 10.1016/j.healthplace.2009.11.005.

Dallimer M, Irvine KN, Skinner AMJ, Davies ZG, Rouquette JR, Maltby LL, et al. 2012. Biodiversity and the feel-good factor: understanding associations between self-reported human well-being and species richness. BioScience 62(1):47–55, 10.1525/bio.2012.62.1.9.

Davies ZG, Edmondson JL, Heinemeyer A, Leake JR, Gaston KJ. 2011. Mapping an urban ecosystem service: Quantifying above-ground carbon storage at a city-wide scale. J Appl Ecol 48(5):1125–1134, 10.1111/j.1365-2664.2011.02021.x.

de Bloom J, Sianoja M, Korpela K, Tuomisto M, Lilja A, Geurts S, et al. 2017. Effects of park walks and relaxation exercises during lunch breaks on recovery from job stress: two randomized controlled trials. J Environ Psychol 51:14–30, 10.1016/j.jenvp.2017.03.006.

de Vries S, van Dillen SM, Groenewegen PP, Spreeuwenberg P. 2013. Streetscape greenery and health: Stress, social cohesion and physical activity as mediators. Soc Sci Med 94:26–33, PMID: 23931942, 10.1016/j.socscimed.2013.06.030.

de Vries S, Verheij RA, Groenewegen PP, Spreeuwenberg P. 2003. Natural environments—healthy environments? An exploratory analysis of the relationship between greenspace and health. Environ Plann A 35(10):1717–1731, 10.1068/a35111.

Detweiler MB, Sharma T, Detweiler JG, Murphy PF, Lane S, Carman J, et al. 2012. What is the evidence to support the use of therapeutic gardens for the elderly? Psychiatry Investig 9(2):100–110, 10.4306/pi.2012.9.2.100.

Diette GB, Lechtzin N, Haponik E, Devrotes A, Rubin HR. 2003. Distraction therapy with nature sights and sounds reduces pain during flexible bronchoscopy. Chest 123(3):941–948, 10.1378/chest.123.3.941.

Diez-Roux AV. 2000. Multilevel analysis in public health research. Annu Rev Public Health 21:171–192, PMID: 10884951, 10.1146/annurev.publhealth.21.1.171.

Donovan GH, Michael YL, Gatziolis D, Prestemon JP, Whitsel EA. 2015. Is tree loss associated with cardiovascular-disease risk in the Women’s Health Initiative? A natural experiment. Health Place 36:1–7, PMID: 26335885, 10.1016/j.healthplace.2015.08.007.

Dooris M. 2006. Healthy settings: Challenges to generating evidence of effectiveness. Health Promot Int 21(1):55–65, PMID: 16339774, 10.1093/heapro/dai030.

Dorward LJ, Mittermeier JC, Sandbrook C, Spooner F. 2017. Pokémon Go: Benefits, costs, and lessons for the conservation movement. Conserv Lett 10(1):160–165, 10.1111/conl.12326.

Duncan M, Clarke N, Birch S, Tallis J, Hankey J, Bryant E, et al. 2014. The effect of green exercise on blood pressure, heart rate and mood state in primary school children. Int J Environ Res Public Health 11(4):3678–3688, 10.3390/ijerph110403678.

Dunning T. 2012. Natural Experiments in the Social Sciences: A Design-Based Approach. Cambridge, UK:Cambridge University Press.

Dzhambov AM, Dimitrova DD, Dimitrakova ED. 2014. Association between residential greenness and birth weight: Systematic review and meta-analysis. Urb Forestry Urb Greening 13(4):621–629, 10.1016/j.ufug.2014.09.004.

Ekkel ED, de Vries S. 2017. Nearby green space and human health: Evaluating accessibility metrics. Landsc Urban Plan 157:214–220, 10.1016/j.landurbplan.2016.06.008.

Evensen KH, Raanaas RK, Hagerhall CM, Johansson M, Patil GG. 2015. Restorative elements at the computer workstation: A comparison of live plants and inanimate objects with and without window view. Environ Behav 47(3):288–303, 10.1177/0013916513499584.

Faber Taylor A, Kuo F, Sullivan W. 2001. Coping with ADD: the surprising connection to green play settings. Environ Behav 33(1):54–77, 10.1177/00139160121972864.

Faber Taylor A, Kuo F. 2009. Children with attention deficits concentrate better after walk in the park. J Atten Disord 12(5):402–409, 10.1177/1087054708323000.

Faber Taylor A, Kuo FEM. 2011. Could exposure to everyday green spaces help treat ADHD? Evidence from children’s play settings. Appl Psychol Health Well Being 3(3):281–303, 10.1111/j.1758-0854.2011.01052.x.

Fan Y, Das KV, Chen Q. 2011. Neighborhood green, social support, physical activity, and stress: Assessing the cumulative impact. Health Place 17(6):1202–1211, PMID: 21920795, 10.1016/j.healthplace.2011.08.008.

Farley JC, Daly HE. 2011. Ecological Economics: Principles and Applications. 2nd ed. Washington, DC:Island Press.

Feda DM, Seelbinder A, Baek S, Raja S, Yin L, Roemmich JN. 2015. Neighbourhood parks and reduction in stress among adolescents: Results from Buffalo, New York. Indoor Built Environ 24(5):631–639, 10.1177/1420326X14535791.

Feld S. 2015. Acoustemology. In: Keywords in Sound. Novak D, Sakakeeny M, eds. Durham, NC:Duke University Press, 12–21.

Fisher B, Turner RK, Morling P. 2009. Defining and classifying ecosystem services for decision making. Ecol Econ 68(3):643–653, 10.1016/j.ecolecon.2008.09.014.

Fjørtoft I. 2001. The natural environment as a playground for children: the impact of outdoor play activities in pre-primary school children. Early Child Educ J 29(2):111–117, 10.1023/A:1012576913074.

Fjørtoft I. 2004. Landscape as playscape: The effects of natural environments on children’s play and motor development. Children Youth Environ 14(2):21–44.

Fleming CM, Manning M, Ambrey CL. 2016. Crime, greenspace and life satisfaction: An evaluation of the New Zealand experience. Landsc Urban Plan 149:1–10, 10.1016/j.landurbplan.2015.12.014.

Fletcher R. 2016. Connection with nature is an oxymoron: a political ecology of “nature-deficit disorder.” J Environ Educ, 10.1080/00958964.2016.1139534.

Ford AES, Graham H, White PCL. 2015. Integrating human and ecosystem health through ecosystem services frameworks. EcoHealth 12(4):660–671, PMID: 26403794, 10.1007/s10393-015-1041-4.

Fraser SD, Lock K. 2011. Cycling for transport and public health: A systematic review of the effect of the environment on cycling. Eur J Public Health 21(6):738–743, PMID: 20929903, 10.1093/eurpub/ckq145.

Fredrickson BL, Grewen KM, Coffey KA, Algoe SB, Firestine AM, Arevalo JM, et al. 2013. A functional genomic perspective on human well-being. Proc Natl Acad Sci USA 110(33):13684–13689, PMID: 23898182, 10.1073/pnas.1305419110.

French AN, Ashby RS, Morgan IG, Rose KA. 2013. Time outdoors and the prevention of myopia. Exp Eye Res 114:58–68, PMID: 23644222, 10.1016/j.exer.2013.04.018.

Frost JL. 2010. A History of Children’s Play and Play Environments: Toward a Contemporary Child-Saving Movement. New York, NY:Routledge.

Frumkin H. 2013. The evidence of nature and the nature of evidence. Am J Prev Med 44(2):196–197, PMID: 23332341, 10.1016/j.amepre.2012.10.016.

Fuertes E, Markevych I, von Berg A, Bauer CP, Berdel D, Koletzko S, et al. 2014. Greenness and allergies: evidence of differential associations in two areas in Germany. J Epidemiol Community Health 68:787–790, 10.1136/jech-2014-203903.

Fuertes E, Markevych I, Bowatte G, Gruzieva O, Gehring U, Becker A, et al. 2016. Residential greenness is differentially associated with childhood allergic rhinitis and aeroallergen sensitization in seven birth cohorts. Allergy 71(10):1461–1471, PMID: 27087129, 10.1111/all.12915.

Gascon M, Triguero-Mas M, Martinez D, Dadvand P, Forns J, Plasencia A, et al. 2015. Mental health benefits of long-term exposure to residential green and blue spaces: a systematic review. Int J Environ Res Public Health 12(4):4354–4379, PMID: 25913182, 10.3390/ijerph120404354.

Gascon M, Triguero-Mas M, Martínez D, Dadvand P, Rojas-Rueda D, Plasència A, et al. 2016a. Normalized difference vegetation index (NDVI) as a marker of surrounding greenness in epidemiological studies: the case of Barcelona City. Urb Forestry Urb Greening 19:88–94.

Gascon M, Triguero-Mas M, Martínez D, Dadvand P, Rojas-Rueda D, Plasència A, et al. 2016b. Residential green spaces and mortality: a systematic review. Environ Int 86:60–67.

Gatersleben B, Andrews M. 2013. When walking in nature is not restorative: the role of prospect and refuge. Health Place 20:91–101, PMID: 23399852, 10.1016/j.healthplace.2013.01.001.

Gelkopf M, Hasson-Ohayon I, Bikman M, Kravetz S. 2013. Nature adventure rehabilitation for combat-related posttraumatic chronic stress disorder: A randomized control trial. Psychiatry Res 209(3):485–493, PMID: 23541513, 10.1016/j.psychres.2013.01.026.

Gobster PH. 2002. Managing urban parks for a racially and ethnically diverse clientele. Leis Sci 24(2):143–159, 10.1080/01490400252900121.

Gray C, Gibbons R, Larouche R, Sandseter EB, Bienenstock A, Brussoni M, et al. 2015. What is the relationship between outdoor time and physical activity, sedentary behaviour, and physical fitness in children? A systematic review. Int J Environ Res Public Health 12(6):6455–6474, PMID: 26062039, 10.3390/ijerph120606455.

Grazuleviciene R, Danileviciute A, Dedele A, Vencloviene J, Andrusaityte S, Uzdanaviciute I, et al. 2015. Surrounding greenness, proximity to city parks and pregnancy outcomes in Kaunas Cohort Study. Int J Hyg Environ Health 218(3):358–365, PMID: 25757723, 10.1016/j.ijheh.2015.02.004.

Grigsby-Toussaint DS, Turi KN, Krupa M, Williams NJ, Pandi-Perumal SR, Jean-Louis G. 2015. Sleep insufficiency and the natural environment: Results from the US Behavioral Risk Factor Surveillance System Survey. Prev Med 78:78–84, PMID: 26193624, 10.1016/j.ypmed.2015.07.011.

Groenewegen PP, van den Berg AE, Maas J, Verheij RA, de Vries S. 2012. Is a green residential environment better for health? If so, why? Ann Assoc Am Geogr 102(5):996–1003, 10.1080/00045608.2012.674899.

Grote R, Samson R, Alonso R, Amorim JH, Cariñanos P, Churkina G, et al. 2016. Functional traits of urban trees: air pollution mitigation potential. Front Ecol Environ 14(10):543–550, 10.1002/fee.1426.

Gubbels JS, Kremers SPJ, Droomers M, Hoefnagels C, Stronks K, Hosman C, et al. 2016. The impact of greenery on physical activity and mental health of adolescent and adult residents of deprived neighborhoods: a longitudinal study. Health Place 40:153–160, 10.1016/j.healthplace.2016.06.002.

Guggenheim JA, Northstone K, McMahon G, Ness AR, Deere K, Mattocks C, et al. 2012. Time outdoors and physical activity as predictors of incident myopia in childhood: A prospective cohort study. Invest Ophthalmol Vis Sci 53(6):2856–2865, PMID: 22491403, 10.1167/iovs.11-9091.

Gundersen V, Skår M, O’Brien L, Wold LC, Follo G. 2016. Children and nearby nature: a nationwide parental survey from Norway. Urb Forestry Urb Greening 17:116–125, 10.1016/j.ufug.2016.04.002.

Guttentag DA. 2010. Virtual reality: Applications and implications for tourism. Tour Manag 31(5):637–651, 10.1016/j.tourman.2009.07.003.

Hall DM, Camilo GR, Tonietto RK, Ollerton J, Ahrné K, Arduser M, et al. 2017. The city as a refuge for insect pollinators. Conserv Biol 31(1):24–29, PMID: 27624925, 10.1111/cobi.12840.

Haluza D, Schönbauer R, Cervinka R. 2014. Green perspectives for public health: A narrative review on the physiological effects of experiencing outdoor nature. Int J Environ Res Public Health 11(5):5445–5461, PMID: 24852391, 10.3390/ijerph110505445.

Hamad EO, Savundranayagam MY, Holmes JD, Kinsella EA, Johnson AM. 2016. Toward a mixed-methods research approach to content analysis in the digital age: The combined content-analysis model and its applications to health care twitter feeds. J Med Internet Res 18(3):e60, 10.2196/jmir.5391.

Han J-W, Choi H, Jeon Y-H, Yoon C-H, Woo J-M, Kim W. 2016. The effects of forest therapy on coping with chronic widespread pain: Physiological and psychological differences between participants in a forest therapy program and a control group. Int J Environ Res Public Health 13(3):255, 10.3390/ijerph13030255.

Han K-T. 2009. Influence of limitedly visible leafy indoor plants on the psychology, behavior, and health of students at a junior high school in Taiwan. Environ Behav 41(5):658–692, 10.1177/0013916508314476.

Hanski I, von Hertzen L, Fyhrquist N, Koskinen K, Torppa K, Laatikainen T, et al. 2012. Environmental biodiversity, human microbiota, and allergy are interrelated. Proc Natl Acad Sci USA 109(21):8334–8339, PMID: 22566627, 10.1073/pnas.1205624109.

Harnik P, Welle B. 2009. Measuring the economic value of a city park system. Trust for Public Land. http://cloud.tpl.org/pubs/ccpe-econvalueparks-rpt.pdf [accessed 5 July 2017].

Hartig T, Mitchell R, de Vries S, Frumkin H. 2014. Nature and health. Annu Rev Public Health 35:207–228, PMID: 24387090, 10.1146/annurev-publhealth-032013-182443.

Hayden EC. 2016. Mobile-phone health apps deliver data bounty. Nature 531(7595):422–423, 10.1038/531422a.

He M, Xiang F, Zeng Y, Mai J, Chen Q, Zhang J, et al. 2015. Effect of time spent outdoors at school on the development of myopia among children in China: A randomized clinical trial. JAMA 314(11):1142–1148, PMID: 26372583, 10.1001/jama.2015.10803.

Herzog TR, Bryce AG. 2007. Mystery and preference in within-forest settings. Environ Behav 39(6):779–796, 10.1177/0013916506298796.

Hester RE, Harrison RM. 2010. Ecosystem Services. Cambridge, UK:Royal Society of Chemistry.

Heynen N, Perkins HA, Roy P. 2006. The political ecology of uneven urban green space: The impact of political economy on race and ethnicity in producing environmental inequality in Milwaukee. Urban Affairs Review 42(1):3–25, 10.1177/1078087406290729.

Hillsdon M, Panter J, Foster C, Jones A. 2006. The relationship between access and quality of urban green space with population physical activity. Public Health 120(12):1127–1132, 10.1016/j.puhe.2006.10.007.

Ho C-h, Sasidharan V, Elmendorf W, Willits FK, Graefe A, Godbey G. 2005. Gender and ethnic variations in urban park preferences, visitation, and perceived benefits. J Leis Res 37(3):281–306.

Holtan MT, Dieterlen SL, Sullivan WC. 2015. Social life under cover: tree canopy and social capital in Baltimore, Maryland. Environ Behav 47(5):502–525, 10.1177/0013916513518064.

Home R, Hunziker M, Bauer N. 2012. Psychosocial outcomes as motivations for visiting nearby urban green spaces. Leis Sci 34(4):350–365, 10.1080/01490400.2012.687644.

Howe KB, Suharlim C, Ueda P, Howe D, Kawachi I, Rimm EB. 2016. Gotta catch ’em all! Pokémon Go and physical activity among young adults: difference in differences study. BMJ 355:i6270.

Hoyle H, Hitchmough J, Jorgensen A. 2017. All about the ‘wow factor’? The relationships between aesthetics, restorative effect and perceived biodiversity in designed urban planting. Landsc Urban Plan 164:109–123, 10.1016/j.landurbplan.2017.03.011.

Hu R, Yan G, Mu X, Luo J. 2014. Indirect measurement of leaf area index on the basis of path length distribution. Remote Sens Environ 155:239–247, 10.1016/j.rse.2014.08.032.

Hu Z, Liebens J, Rao KR. 2008. Linking stroke mortality with air pollution, income, and greenness in northwest Florida: An ecological geographical study. Int J Health Geogr 7:20, PMID: 18452609, 10.1186/1476-072X-7-20.

Huete A, Didan K, Miura T, Rodriguez EP, Gao X, Ferreira LG. 2002. Overview of the radiometric and biophysical performance of the MODIS vegetation indices. Remote Sens Environ 83(1–2):195–213, 10.1016/S0034-4257(02)00096-2.

Hunter AJ, Luck GW. 2015. Defining and measuring the social-ecological quality of urban greenspace: a semi-systematic review. Urban Ecosyst 18(4):1139–1163, 10.1007/s11252-015-0456-6.

Hunter MR, Askarinejad A. 2015. Designer’s approach for scene selection in tests of preference and restoration along a continuum of natural to manmade environments. Front Psychol 6:1228, PMID: 26347691, 10.3389/fpsyg.2015.01228.

Hunter RF, Christian H, Veitch J, Astell-Burt T, Hipp JA, Schipperijn J. 2015. The impact of interventions to promote physical activity in urban green space: A systematic review and recommendations for future research. Soc Sci Med 124:246–256, PMID: 25462429, 10.1016/j.socscimed.2014.11.051.

Irwin MR, Cole SW. 2011. Reciprocal regulation of the neural and innate immune systems. Nat Rev Immunol 11(9):625–632, PMID: 21818124, 10.1038/nri3042.

Jackson LE, Daniel J, McCorkle B, Sears A, Bush KF. 2013. Linking ecosystem services and human health: The eco-health relationship browser. Int J Public Health 58(5):747–755, PMID: 23877533, 10.1007/s00038-013-0482-1.

James P, Banay RF, Hart JE, Laden F. 2015. A review of the health benefits of greenness. Curr Epidemiol Rep 2(2):131–142, PMID: 26185745, 10.1007/s40471-015-0043-7.

James P, Hart JE, Banay RF, Laden F. 2016. Exposure to greenness and mortality in a nationwide prospective cohort study of women. Environ Health Perspect 124(9):1344–1352, PMID: 27074702, 10.1289/ehp.1510363.

Jason L, Glenwick D. 2016. Handbook of Methodological Approaches to Community-Based Research: Qualitative, Quantitative, and Mixed Methods. New York, NY:Oxford University Press.

Jennings V, Gaither CJ. 2015. Approaching environmental health disparities and green spaces: an ecosystem services perspective. Int J Environ Res Public Health 12(2):1952–1968, PMID: 25674782, 10.3390/ijerph120201952.

Jennings V, Larson L, Yun J. 2016. Advancing sustainability through urban green space: Cultural ecosystem services, equity, and social determinants of health. Int J Environ Res Public Health 13(2):196, PMID: 26861365, 10.3390/ijerph13020196.

Jiang B, Chang C-Y, Sullivan WC. 2014. A dose of nature: Tree cover, stress reduction, and gender differences. Landsc Urban Plan 132:26–36, 10.1016/j.landurbplan.2014.08.005.

Joffe M, Mindell J. 2006. Complex causal process diagrams for analyzing the health impacts of policy interventions. Am J Public Health 96(3):473–479, PMID: 16449586, 10.2105/AJPH.2005.063693.

Johnson CY, Bowker JM. 2004. African-American wildland memories. Environ Ethics 26(1):57–75, 10.5840/enviroethics200426141.

Johnson CY, Horan PM, Pepper W. 1997. Race, rural residence, and wildland visitation: Examining the influence of sociocultural meaning. Rural Sociol 62(1):89–110, 10.1111/j.1549-0831.1997.tb00646.x.

Jonker MF, van Lenthe FJ, Donkers B, Mackenbach JP, Burdorf A. 2014. The effect of urban green on small-area (healthy) life expectancy. J Epidemiol Community Health 68(10):999–1002, PMID: 25053616, 10.1136/jech-2014-203847.

Kaczynski A, Henderson K. 2007. Environmental correlates of physical activity: a review of evidence about parks and recreation. Leis Sci 29(4):315–354, 10.1080/01490400701394865.

Kahn PH Jr, Friedman B, Gill B, Hagman J, Severson RL, Freier NG, et al. 2008. A plasma display window?—The shifting baseline problem in a technologically mediated natural world. J Environ Psychol 28(2):192–199, 10.1016/j.jenvp.2007.10.008.

Kahn PH Jr. 2010. A nature language: an agenda to catalog, save, and recover patterns of human-nature interaction. Ecopsychology 2(2):59–66, 10.1089/eco.2009.0047.

Kahn PH. 2011. Technological Nature: Adaptation and the Future of Human Life. Cambridge, MA:MIT Press.

Kamioka H, Okada S, Tsutani K, Park H, Okuizumi H, Handa S, et al. 2014. Effectiveness of animal-assisted therapy: A systematic review of randomized controlled trials. Complement Ther Med 22(2):371–390, PMID: 24731910, 10.1016/j.ctim.2013.12.016.

Kaplan R, Kaplan S. 1989. The Experience of Nature: A Psychological Perspective. New York, NY:Cambridge University Press.

Kaplan S. 1995. The restorative benefits of nature: Toward an integrative framework. J Environ Psychol 15(3):169–182, 10.1016/0272-4944(95)90001-2.

Kardan O, Gozdyra P, Misic B, Moola F, Palmer LJ, Paus T, et al. 2015. Neighborhood greenspace and health in a large urban center. Sci Rep 5:11610, PMID: 26158911, 10.1038/srep11610.

Kawachi I, Subramanian SV, Kim D, eds. 2008. Social Capital and Health. New York, NY:Springer.

Kaźmierczak A. 2013. The contribution of local parks to neighbourhood social ties. Landsc Urban Plan 109(1):31–44, 10.1016/j.landurbplan.2012.05.007.

Kellert SR, Wilson EO. 1993. The Biophilia Hypothesis. Washington, DC:Island Press.

Kellert SR. 2005. Nature and childhood development. In: Building for Life: Designing and Understanding the Human-Nature Connection. Kellert SR, ed. Washington, DC:Island Press, 63–89.

Keltner D, Haidt J. 2003. Approaching awe, a moral, spiritual, and aesthetic emotion. Cogn Emot 17(2):297–314, 10.1080/02699930302297.

Kemperman A, Timmermans H. 2014. Green spaces in the direct living environment and social contacts of the aging population. Landsc Urban Plan 129:44–54, 10.1016/j.landurbplan.2014.05.003.

Keniger LE, Gaston KJ, Irvine KN, Fuller RA. 2013. What are the benefits of interacting with nature? Int J Environ Res Public Health 10(3):913–935, PMID: 23466828, 10.3390/ijerph10030913.

Kim JH, Lee C, Sohn W. 2016. Urban natural environments, obesity, and health-related quality of life among Hispanic children living in inner-city neighborhoods. Int J Environ Res Public Health 13(1):E121.

Kim W, Lim SK, Chung EJ, Woo JM. 2009. The effect of cognitive behavior therapy-based psychotherapy applied in a forest environment on physiological changes and remission of major depressive disorder. Psychiatry Investig 6(4):245–254, 10.4306/pi.2009.6.4.245.

Kimes D, Ullah A, Levine E, Nelson R, Timmins S, Weiss S, et al. 2004. Relationships between pediatric asthma and socioeconomic/urban variables in Baltimore, Maryland. Health Place 10(2):141–152, PMID: 15019908, 10.1016/S1353-8292(03)00054-6.

Klepeis NE, Nelson WC, Ott WR, Robinson JP, Tsang AM, Switzer P, et al. 2001. The National Human Activity Pattern Survey (NHAPS): A resource for assessing exposure to environmental pollutants. J Expo Anal Environ Epidemiol 11(3):231–252, PMID: 11477521, 10.1038/sj.jea.7500165.

Kondo MC, South EC, Branas CC. 2015. Nature-based strategies for improving urban health and safety. J Urban Health 92(5):800–814, PMID: 26275455, 10.1007/s11524-015-9983-y.

Kondrashova A, Seiskari T, Ilonen J, Knip M, Hyöty H. 2013. The ‘hygiene hypothesis’ and the sharp gradient in the incidence of autoimmune and allergic diseases between Russian Karelia and Finland. APMIS 121(6):478–493, PMID: 23127244, 10.1111/apm.12023.

Koohsari MJ, Sugiyama T, Sahlqvist S, Mavoa S, Hadgraft N, Owen N. 2015. Neighborhood environmental attributes and adults’ sedentary behaviors: review and research agenda. Prev Med 77:141–149, PMID: 26051198, 10.1016/j.ypmed.2015.05.027.

Kuo F, Faber Taylor A. 2004. A potential natural treatment for attention-deficit/hyperactivity disorder: Evidence from a national study. Am J Public Health 94(9):1580–1586, 10.2105/AJPH.94.9.1580.

Kuo FE, Sullivan WC. 2001a. Environment and crime in the inner city: does vegetation reduce crime? Environ Behav 33(3):343–367.

Kuo FE, Sullivan WC. 2001b. Aggression and violence in the inner city: Effects of environment via mental fatigue. Environ Behav 33(4):543–571.

Kuo M. 2015. How might contact with nature promote human health? Promising mechanisms and a possible central pathway. Front Psychol 6:1093, 10.3389/fpsyg.2015.01093.

Kurzweil R. 2005. The Singularity is Near: When Humans Transcend Biology. New York, NY:Viking.

Kweon B-S, Sullivan WC, Wiley AR. 1998. Green common spaces and the social integration of inner-city older adults. Environ Behav 30(6):832–858, 10.1177/001391659803000605.

Lachowycz K, Jones AP. 2011. Greenspace and obesity: A systematic review of the evidence. Obes Rev 12(5):e183–e189, PMID: 21348919, 10.1111/j.1467-789X.2010.00827.x.

Lachowycz K, Jones AP. 2013. Towards a better understanding of the relationship between greenspace and health: Development of a theoretical framework. Landsc Urban Plan 118:62–69, 10.1016/j.landurbplan.2012.10.012.

Lachowycz K, Jones AP. 2014. Does walking explain associations between access to greenspace and lower mortality? Soc Sci Med 107:9–17, PMID: 24602966, 10.1016/j.socscimed.2014.02.023.

Larsen FW, Turner WR, Brooks TM. 2012. Conserving critical sites for biodiversity provides disproportionate benefits to people. PLoS One 7(5):e36971, PMID: 22666337, 10.1371/journal.pone.0036971.

Larson LR, Jennings V, Cloutier SA. 2016. Public parks and wellbeing in urban areas of the United States. PLoS One 11(4):e0153211, PMID: 27054887, 10.1371/journal.pone.0153211.

Lechtzin N, Busse AM, Smith MT, Grossman S, Nesbit S, Diette GB. 2010. A randomized trial of nature scenery and sounds versus urban scenery and sounds to reduce pain in adults undergoing bone marrow aspirate and biopsy. J Altern Complement Med 16(9):965–972, PMID: 20799901, 10.1089/acm.2009.0531.

Lee AC, Jordan HC, Horsley J. 2015. Value of urban green spaces in promoting healthy living and wellbeing: prospects for planning. Risk Manag Healthc Policy 8:131–137, PMID: 26347082, 10.2147/RMHP.S61654.

Lee ACK, Maheswaran R. 2011. The health benefits of urban green spaces: a review of the evidence. J Public Health (Oxf) 33(2):212–222, PMID: 20833671, 10.1093/pubmed/fdq068.

Lee IM, Shiroma EJ, Lobelo F, Puska P, Blair SN, Katzmarzyk PT. 2012. Effect of physical inactivity on major non-communicable diseases worldwide: an analysis of burden of disease and life expectancy. Lancet 380(9838):219–229, PMID: 22818936, 10.1016/S0140-6736(12)61031-9.

Lee YK, Mazmanian SK. 2010. Has the microbiota played a critical role in the evolution of the adaptive immune system? Science 330(6012):1768–1773, PMID: 21205662, 10.1126/science.1195568.

Lewis TL, Gould KA. 2017. Green Gentrification: Urban Sustainability and the Struggle for Environmental Justice. Abingdon, UK:Routledge.

Li D, Sullivan WC. 2016. Impact of views to school landscapes on recovery from stress and mental fatigue. Landsc Urban Plan 148:149–158, 10.1016/j.landurbplan.2015.12.015.

Li Q, Nakadai A, Matsushima H, Miyazaki Y, Krensky AM, Kawada T, et al. 2006. Phytoncides (wood essential oils) induce human natural killer cell activity. Immunopharmacol Immunotoxicol 28(2):319–333, PMID: 16873099, 10.1080/08923970600809439.

Li Q, Morimoto K, Kobayashi M, Inagaki H, Katsumata M, Hirata Y, et al. 2008a. A forest bathing trip increases human natural killer activity and expression of anti-cancer proteins in female subjects. J Biol Regul Homeost Agents 22(1):45–55, PMID: 18394317.

Li Q, Morimoto K, Kobayashi M, Inagaki H, Katsumata M, Hirata Y, et al. 2008b. Visiting a forest, but not a city, increases human natural killer activity and expression of anti-cancer proteins. Int J Immunopathol Pharmacol 21(1):117–127, PMID: 18336737, 10.1177/039463200802100113.

Li Q, Kobayashi M, Inagaki H, Hirata Y, Li YJ, Hirata K, et al. 2010. A day trip to a forest park increases human natural killer activity and the expression of anti-cancer proteins in male subjects. J Biol Regul Homeost Agents 24(2):157–165.

Li Q, Kawada T. 2011. Effect of forest environments on human natural killer (NK) activity. Int J Immunopathol Pharmacol 24(1suppl):39S–44S, PMID: 21329564.

Li X, Meng Q, Li W, Zhang C, Jancso T, Mavromatis S. 2014. An explorative study on the proximity of buildings to green spaces in urban areas using remotely sensed imagery. Ann GIS 20(3):193–203, 10.1080/19475683.2014.945482.

Li X, Zhang C, Li W, Kuzovkina YA. 2016. Environmental inequities in terms of different types of urban greenery in Hartford, Connecticut. Urban For Urban Green 18:163–172, 10.1016/j.ufug.2016.06.002.

Lin YH, Tsai CC, Sullivan WC, Chang PJ, Chang CY. 2014. Does awareness effect the restorative function and perception of street trees? Front Psychol 5:906, PMID: 25177309, 10.3389/fpsyg.2014.00906.

Lindgren E, Elmqvist T. 2017. Ecosystem services and human health. In: Oxford Research Encyclopedia, Environmental Science. Oxford, UK:Oxford University Press. 10.1093/acrefore/9780199389414.013.86.

Lioy P, Weisel C. 2014. Exposure Science: Basic Principles and Applications. London, UK:Academic Press.

Liu J, Dietz T, Carpenter SR, Alberti M, Folke C, Moran E, et al. 2007. Complexity of coupled human and natural systems. Science 317(5844):1513–1516, PMID: 17872436, 10.1126/science.1144004.

Livesley SJ, McPherson GM, Calfapietra C. 2016. The urban forest and ecosystem services: Impacts on urban water, heat, and pollution cycles at the tree, street, and city scale. J Environ Qual 45(1):119–124, PMID: 26828167, 10.2134/jeq2015.11.0567.

Lovallo WR. 2015. Stress and Health: Biological and Psychological Interactions. 3rd ed. Thousand Oaks, CA:Sage.

Lovasi GS, O’Neil-Dunne JP, Lu JW, Sheehan D, Perzanowski MS, Macfaden SW, et al. 2013. Urban tree canopy and asthma, wheeze, rhinitis, and allergic sensitization to tree pollen in a New York City birth cohort. Environ Health Perspect 121(4):494–500, PMID: 23322788, 10.1289/ehp.1205513.

Lovasi GS, Quinn JW, Neckerman KM, Perzanowski MS, Rundle A. 2008. Children living in areas with more street trees have lower prevalence of asthma. J Epidemiol Community Health 62(7):647–649, PMID: 18450765, 10.1136/jech.2007.071894.

Lovell R, Wheeler BW, Higgins SL, Irvine KN, Depledge MH. 2014. A systematic review of the health and well-being benefits of biodiverse environments. J Toxicol Environ Health B Crit Rev 17(1):1–20, PMID: 24597907, 10.1080/10937404.2013.856361.

Maas J, van Dillen SME, Verheij RA, Groenewegen PP. 2009a. Social contacts as a possible mechanism behind the relation between green space and health. Health Place 15(2):586–595.

Maas J, Verheij R, Groenewegen P, de Vries S, Spreeuwenberg P. 2006. Green space, urbanity, and health: how strong is the relation? J Epidemiol Community Health 60(7):587–592, PMID: 16790830, 10.1136/jech.2005.043125.

Maas J, Verheij RA, de Vries S, Spreeuwenberg P, Schellevis FG, Groenewegen PP. 2009b. Morbidity is related to a green living environment. J Epidemiol Community Health 63(12):967–973, PMID: 19833605, 10.1136/jech.2008.079038.

MacFaden SW, O’Neil-Dunne JPM, Royar AR, Lu JWT, Rundle AG. 2012. High-resolution tree canopy mapping for New York City using LIDAR and object-based image analysis. J Appl Remote Sens 6(1):063567, 10.1117/1.JRS.6.063567.

MacKerron G, Mourato S. 2013. Happiness is greater in natural environments. Glob Environ Change 23(5):992–1000, 10.1016/j.gloenvcha.2013.03.010.

Mao G, Cao Y, Wang B, Wang S, Chen Z, Wang J, et al. 2017. The salutary influence of forest bathing on elderly patients with chronic heart failure. Int J Environ Res Public Health 14(4):368, 10.3390/ijerph14040368.

Margaritis E, Kang J. 2017. Relationship between green space-related morphology and noise pollution. Ecol Indic 72:921–933, 10.1016/j.ecolind.2016.09.032.

Markevych I, Thiering E, Fuertes E, Sugiri D, Berdel D, Koletzko S, et al. 2014a. A cross-sectional analysis of the effects of residential greenness on blood pressure in 10-year old children: results from the GINIplus and LISAplus studies. BMC Public Health 14:477, PMID: 24886243, 10.1186/1471-2458-14-477.

Markevych I, Tiesler CMT, Fuertes E, Romanos M, Dadvand P, Nieuwenhuijsen MJ, et al. 2014b. Access to urban green spaces and behavioural problems in children: results from the GINIplus and LISAplus studies. Environ Int 71:29–35, 10.1016/j.envint.2014.06.002.

Martens D, Bauer N. 2013. Natural environments: a resource for public health and well-being? A literature review. In: Psychology of Well-Being: Theory, Perspectives and Practice. Noehammer E, ed. Hauppauge, NY:Nova Science Publishers, 173–217.

Matchock RL. 2015. Pet ownership and physical health. Curr Opin Psychiatry 28(5):386–392, PMID: 26164613, 10.1097/YCO.0000000000000183.

Mazzali C, Duca P. 2015. Use of administrative data in healthcare research. Intern Emerg Med 10(4):517–524, PMID: 25711312, 10.1007/s11739-015-1213-9.

McEachan RR, Prady SL, Smith G, Fairley L, Cabieses B, Gidlow C, et al. 2016. The association between green space and depressive symptoms in pregnant women: Moderating roles of socioeconomic status and physical activity. J Epidemiol Community Health 70(3):253–259, PMID: 26560759, 10.1136/jech-2015-205954.

Melson GF, Kahn PH Jr, Beck A, Friedman B, Roberts T, Garrett E, et al. 2009. Children’s behavior toward and understanding of robotic and living dogs. J Appl Dev Psychol 30(2):92–102, 10.1016/j.appdev.2008.10.011.

Miller JT. 2016. Is urban greening for everyone? Social inclusion and exclusion along the Gowanus Canal. Urban For Urban Green 19:285–294, 10.1016/j.ufug.2016.03.004.

Mitchell R, Astell-Burt T, Richardson EA. 2011. A comparison of green space indicators for epidemiological research. J Epidemiol Community Health 65(10):853–858, PMID: 21296907, 10.1136/jech.2010.119172.

Mitchell R, Popham F. 2007. Greenspace, urbanity and health: relationships in England. J Epidemiol Community Health 61(8):681–683, PMID: 17630365, 10.1136/jech.2006.053553.

Mitchell R, Popham F. 2008. Effect of exposure to natural environment on health inequalities: An observational population study. Lancet 372(9650):1655–1660, 10.1016/S0140-6736(08)61689-X.

Mitchell RJ, Richardson EA, Shortt NK, Pearce JR. 2015. Neighborhood environments and socioeconomic inequalities in mental well-being. Am J Prev Med 49(1):80–84, PMID: 25911270, 10.1016/j.amepre.2015.01.017.

Morita E, Imai M, Okawa M, Miyaura T, Miyazaki S. 2011. A before and after comparison of the effects of forest walking on the sleep of a community-based sample of people with sleep complaints. Biopsychosoc Med 5:13, PMID: 21999605, 10.1186/1751-0759-5-13.

Murgui E, Hedblom M. 2017. Ecology and Conservation of Birds in Urban Environments. Cham, Switzerland:Springer.

Naidoo R, Balmford A, Ferraro PJ, Polasky S, Ricketts TH, Rouget M. 2006. Integrating economic costs into conservation planning. Trends Ecol Evol 21(12):681–687, PMID: 17050033, 10.1016/j.tree.2006.10.003.

Nicolaou N, Siddique N, Custovic A. 2005. Allergic disease in urban and rural populations: increasing prevalence with increasing urbanization. Allergy 60(11):1357–1360, 10.1111/j.1398-9995.2005.00961.x.

Nielsen TS, Hansen KB. 2007. Do green areas affect health? Results from a Danish survey on the use of green areas and health indicators. Health Place 13(4):839–850, 10.1016/j.healthplace.2007.02.001.

Nielsen. 2016. The Nielsen Total Audience Report: Q1, 2016. http://www.nielsen.com/us/en/insights/reports/2016/the-total-audience-report-q1-2016.html [accessed 5 July 2017].

Nieuwenhuijsen MJ, ed. 2003. Exposure Assessment in Occupational and Environmental Epidemiology. New York, NY:Oxford University Press.

Ninan KN, Costanza R. 2014. Valuing Ecosystem Services: Methodological Issues and Case Studies. Cheltenham, UK:Edward Elgar Publishing Limited.

Nowak DJ, Appleton N, Ellis A, Greenfield E. 2017. Residential building energy conservation and avoided power plant emissions by urban and community trees in the United States. Urban For Urban Green 21:158–165, 10.1016/j.ufug.2016.12.004.

Nowak DJ, Hirabayashi S, Bodine A, Greenfield E. 2014. Tree and forest effects on air quality and human health in the United States. Environ Pollut 193:119–129, PMID: 25016465, 10.1016/j.envpol.2014.05.028.

Nowak DJ, Hirabayashi S, Bodine A, Hoehn R. 2013. Modeled PM2.5 removal by trees in ten U.S. cities and associated health effects. Environ Pollut 178:395–402, PMID: 23624337, 10.1016/j.envpol.2013.03.050.

NRPA (National Recreation and Parks Association). 2015. The economic impact of local parks: An examination of the economic impacts of operations and capital spending on the United States economy. Ashburn, VA:National Recreation and Parks Association. http://www.nrpa.org/publications-research/research-papers/the-economic-impact-of-local-parks/ [accessed 5 July 2017].

Nusslock R, Miller GE. 2016. Early-life adversity and physical and emotional health across the lifespan: A neuroimmune network hypothesis. Biol Psychiatry 80(1):23–32, PMID: 26166230, 10.1016/j.biopsych.2015.05.017.

Nutsford D, Pearson AL, Kingham S. 2013. An ecological study investigating the association between access to urban green space and mental health. Public Health 127(11):1005–1011, PMID: 24262442, 10.1016/j.puhe.2013.08.016.

O’Donoghue G, Perchoux C, Mensah K, Lakerveld J, van der Ploeg H, Bernaards C, et al. 2016. A systematic review of correlates of sedentary behaviour in adults aged 18–65 years: A socio-ecological approach. BMC Public Health 16(1):163.

Park S-H, Mattson RH. 2008. Effects of flowering and foliage plants in hospital rooms on patients recovering from abdominal surgery. HortTechnology 18(4):563–568.

Park SH, Mattson RH. 2009. Ornamental indoor plants in hospital rooms enhanced health outcomes of patients recovering from surgery. J Altern Complement Med 15(9):975–980, PMID: 19715461, 10.1089/acm.2009.0075.

Parsons R, Tassinary LG, Ulrich RS, Hebl MR, Grossman-Alexander M. 1998. The view from the road: Implications for stress recovery and immunization. J Environ Psychol 18(2):113–140, 10.1006/jevp.1998.0086.

Payne LL, Mowen AJ, Orsega-Smith E. 2002. An examination of park preferences and behaviors among urban residents: The role of residential location, race, and age. Leis Sci 24(2):181–198, 10.1080/01490400252900149.

Pearl J, Glymour M, Jewell NP. 2016. Causal Inference in Statistics: A Primer. Chichester, UK:John Wiley & Sons Ltd.

Pearl J. 2009. Causality: Models, Reasoning, and Inference. 2nd ed. Cambridge, UK:Cambridge University Press.

Pedlowski MA, Da Silva VAC, Adell JJC, Heynen NC. 2002. Urban forest and environmental inequality in Campos dos Goytacazes, Rio de Janeiro, Brazil. Urban Ecosyst 6(1–2):9–20, 10.1023/A:1025910528583.

Pergams OR, Zaradic PA. 2008. Evidence for a fundamental and pervasive shift away from nature-based recreation. Proc Natl Acad Sci U S A 105(7):2295–2300, 10.1073/pnas.0709893105.

Perrin JL, Benassi VA. 2009. The connectedness to nature scale: A measure of emotional connection to nature? J Environ Psychol 29(4):434–440, 10.1016/j.jenvp.2009.03.003.

Piff PK, Dietze P, Feinberg M, Stancato DM, Keltner D. 2015. Awe, the small self, and prosocial behavior. J Pers Soc Psychol 108(6):883–899, PMID: 25984788, 10.1037/pspi0000018.

Pliakas T, Hawkesworth S, Silverwood RJ, Nanchahal K, Grundy C, Armstrong B, et al. 2017. Optimising measurement of health-related characteristics of the built environment: Comparing data collected by foot-based street audits, virtual street audits and routine secondary data sources. Health Place 43:75–84, PMID: 27902960, 10.1016/j.healthplace.2016.10.001.

Posner SM, McKenzie E, Ricketts TH. 2016. Policy impacts of ecosystem services knowledge. Proc Natl Acad Sci USA 113(7):1760–1765, PMID: 26831101, 10.1073/pnas.1502452113.

Poulsen DV, Stigsdotter UK, Refshage AD. 2015. Whatever happened to the soldiers? Nature-assisted therapies for veterans diagnosed with post-traumatic stress disorder: A literature review. Urban For Urban Green 14(2):438–445, 10.1016/j.ufug.2015.03.009.

Qviström M. 2016. The nature of running: on embedded landscape ideals in leisure planning. Urban For Urban Green 17:202–210, 10.1016/j.ufug.2016.04.012.

Radesky JS, Christakis DA. 2016. Increased screen time: implications for early childhood development and behavior. Pediatr Clin North Am 63(5):827–839, PMID: 27565361, 10.1016/j.pcl.2016.06.006.

Ray H, Jakubec SL. 2014. Nature-based experiences and health of cancer survivors. Complement Ther Clin Pract 20(4):188–192, PMID: 25160991, 10.1016/j.ctcp.2014.07.005.

Rhew IC, Vander Stoep A, Kearney A, Smith NL, Dunbar MD. 2011. Validation of the Normalized Difference Vegetation Index as a measure of neighborhood greenness. Ann Epidemiol 21(12):946–952, PMID: 21982129, 10.1016/j.annepidem.2011.09.001.

Rideout VJ, Foehr UG, Roberts DF. 2010. Generation M2: Media in the lives of 8- to 18-year-olds. Henry J. Kaiser Family Foundation. http://www.kff.org/other/report/generation-m2-media-in-the-lives-of-8-to-18-year-olds/ [accessed 5 July 2017].

Rideout VJ. 2013. Zero to eight: children’s media use in America 2013. Common Sense Media. https://www.commonsensemedia.org/research/zero-to-eight-childrens-media-use-in-america-2013 [accessed 5 July 2017].

Rigolon A. 2016. A complex landscape of inequity in access to urban parks: A literature review. Landsc Urban Plan 153:160–169, 10.1016/j.landurbplan.2016.05.017.

Roe J, Aspinall P. 2011. The restorative outcomes of forest school and conventional school in young people with good and poor behaviour. Urban For Urban Green 10(3):205–212, 10.1016/j.ufug.2011.03.003.

Roe J, Aspinall PA, Mavros P, Coyne R. 2013. Engaging the brain: The impact of natural versus urban scenes using novel EEG methods in an experimental setting. Environ Sci 1(2):93–104, 10.12988/es.2013.3109.

Roe JJ, Thompson CW, Aspinall PA, Brewer MJ, Duff EI, Miller D, et al. 2013. Green space and stress: Evidence from cortisol measures in deprived urban communities. Int J Environ Res Public Health 10(9):4086–4103, PMID: 24002726, 10.3390/ijerph10094086.

Rook GA. 2013. Regulation of the immune system by biodiversity from the natural environment: An ecosystem service essential to health. Proc Natl Acad Sci USA 110(46):18360–18367, PMID: 24154724, 10.1073/pnas.1313731110.

Roy S, Byrne J, Pickering C. 2012. A systematic quantitative review of urban tree benefits, costs, and assessment methods across cities in different climatic zones. Urban For Urban Green 11(4):351–363, 10.1016/j.ufug.2012.06.006.

Ruckelshaus M, McKenzie E, Tallis H, Guerry A, Daily G, Kareiva P, et al. 2015. Notes from the field: lessons learned from using ecosystem service approaches to inform real-world decisions. Ecol Econ 115:11–21, 10.1016/j.ecolecon.2013.07.009.

Rudd M, Vohs KD, Aaker J. 2012. Awe expands people’s perception of time, alters decision making, and enhances well-being. Psychol Sci 23(10):1130–1136, PMID: 22886132, 10.1177/0956797612438731.

Rundle AG, Bader MDM, Richards CA, Neckerman KM, Teitler JO. 2011. Using Google Street View to audit neighborhood environments. Am J Prev Med 40(1):94–100, 10.1016/j.amepre.2010.09.034.

Ruokolainen L, von Hertzen L, Fyhrquist N, Laatikainen T, Lehtomaki J, Auvinen P, et al. 2015. Green areas around homes reduce atopic sensitization in children. Allergy 70(2):195–202, PMID: 25388016, 10.1111/all.12545.

Russell R, Guerry AD, Balvanera P, Gould RK, Basurto X, Chan KMA, et al. 2013. Humans and nature: how knowing and experiencing nature affect well-being. Annu Rev Environ Resour 38:473–502, 10.1146/annurev-environ-012312-110838.

Rutt RL, Gulsrud NM. 2016. Green justice in the city: a new agenda for urban green space research in Europe. Urban For Urban Green 19:123–127, 10.1016/j.ufug.2016.07.004.

Rutter M. 2007. Proceeding from observed correlation to causal inference: the use of natural experiments. Perspect Psychol Sci 2(4):377–395, 10.1111/j.1745-6916.2007.00050.x.

Salmond JA, Tadaki M, Vardoulakis S, Arbuthnott K, Coutts A, Demuzere M, et al. 2016. Health and climate related ecosystem services provided by street trees in the urban environment. Environ Health 15(suppl 1):S36, 10.1186/s12940-016-0103-6.

Sanders T, Feng X, Fahey PP, Lonsdale C, Astell-Burt T. 2015. Greener neighbourhoods, slimmer children? Evidence from 4423 participants aged 6 to 13 years in the Longitudinal Study of Australian Children. Int J Obes (Lond) 39(8):1224–1229, PMID: 25916908, 10.1038/ijo.2015.69.

Sandifer PA, Sutton-Grier AE, Ward BP. 2015. Exploring connections among nature, biodiversity, ecosystem services, and human health and well-being: Opportunities to enhance health and biodiversity conservation. Ecosyst Serv 12:1–15, 10.1016/j.ecoser.2014.12.007.

Schootman M, Nelson EJ, Werner K, Shacham E, Elliott M, Ratnapradipa K, et al. 2016. Emerging technologies to measure neighborhood conditions in public health: implications for interventions and next steps. Int J Health Geogr 15(1):20, PMID: 27339260, 10.1186/s12942-016-0050-z.

Schutte NS, Bhullar N, Stilinović EJ, Richardson K. 2017. The impact of virtual environments on restorativeness and affect. Ecopsychology 9(1):1–7, 10.1089/eco.2016.0042.

Schwarz K, Fragkias M, Boone CG, Zhou W, McHale M, Grove JM, et al. 2015. Trees grow on money: urban tree canopy cover and environmental justice. PLoS One 10(4):e0122051, PMID: 25830303, 10.1371/journal.pone.0122051.

Seppelt R, Dormann CF, Eppink FV, Lautenbach S, Schmidt S. 2011. A quantitative review of ecosystem service studies: approaches, shortcomings and the road ahead. J Appl Ecol 48(3):630–636, 10.1111/j.1365-2664.2010.01952.x.

Seresinhe CI, Preis T, Moat HS. 2015. Quantifying the impact of scenic environments on health. Sci Rep 5:16899, PMID: 26603464, 10.1038/srep16899.

Sessions C, Wood SA, Rabotyagov S, Fisher DM. 2016. Measuring recreational visitation at U.S. National Parks with crowd-sourced photographs. J Environ Manage 183(Part 3):703–711, 10.1016/j.jenvman.2016.09.018.

Seymour V. 2016. The human–nature relationship and its impact on health: A critical review. Front Public Health 4:260, 10.3389/fpubh.2016.00260.

Shanahan DF, Fuller RA, Bush R, Lin BB, Gaston KJ. 2015a. The health benefits of urban nature: how much do we need? BioScience 65(5):476–485, 10.1093/biosci/biv032.

Shanahan DF, Lin BB, Bush R, Gaston KJ, Dean JH, Barber E, et al. 2015b. Toward improved public health outcomes from urban nature. Am J Public Health 105(3):470–477, PMID: 25602866, 10.2105/AJPH.2014.302324.

Shanahan DF, Bush R, Gaston KJ, Lin BB, Dean J, Barber E, et al. 2016. Health benefits from nature experiences depend on dose. Sci Rep 6:28551, PMID: 27334040, 10.1038/srep28551.

Shanahan DF, Franco L, Lin BB, Gaston KJ, Fuller RA. 2016. The benefits of natural environments for physical activity. Sports Med 46(7):989–995.

Shiota MN, Keltner D, Mossman A. 2007. The nature of awe: elicitors, appraisals, and effects on self-concept. Cogn Emot 21(5):944–963, 10.1080/02699930600923668.

Shoup L, Ewing R. 2010. The economic benefits of open space, recreation facilities and walkable community design. Princeton, NJ, and San Diego, CA:Robert Wood Johnson Foundation, Active Living Research Program. http://activelivingresearch.org/economic-benefits-open-space-recreation-facilities-and-walkable-community-design [accessed 5 July 2017].

Smiley KT, Sharma T, Steinberg A, Hodges-Copple S, Jacobson E, Matveeva L. 2016. More inclusive parks planning: Park quality and preferences for park access and amenities. Environ Justice 9(1):1–7, 10.1089/env.2015.0030.

Smith LM, Case JL, Smith HM, Harwell LC, Summers JK. 2013. Relating ecosystem services to domains of human well-being: Foundation for a U.S. index. Ecol Indic 28:79–90, 10.1016/j.ecolind.2012.02.032.

Snow J. 1855. On the Mode of Communication of Cholera. London, UK:John Churchill.

Söderström M, Boldemann C, Sahlin U, Mårtensson F, Raustorp A, Blennow M. 2013. The quality of the outdoor environment influences children’s health – a cross-sectional study of preschools. Acta Paediatr 102(1):83–91, PMID: 23035750, 10.1111/apa.12047.

Song C, Joung D, Ikei H, Igarashi M, Aga M, Park BJ, et al. 2013. Physiological and psychological effects of walking on young males in urban parks in winter. J Physiol Anthropol 32:18, 10.1186/1880-6805-32-18.

Song C, Ikei H, Igarashi M, Takagaki M, Miyazaki Y. 2015. Physiological and psychological effects of a walk in urban parks in fall. Int J Environ Res Public Health 12(11):14216–14228, PMID: 26569271, 10.3390/ijerph121114216.

Stagl S, Common MS. 2005. Ecological Economics: An Introduction. Cambridge, UK:Cambridge University Press.

Stark JH, Neckerman K, Lovasi GS, Quinn J, Weiss CC, Bader MDM, et al. 2014. The impact of neighborhood park access and quality on body mass index among adults in New York City. Prev Med 64:63–68, PMID: 24704504, 10.1016/j.ypmed.2014.03.026.

Stiemsma LT, Reynolds LA, Turvey SE, Finlay BB. 2015. The hygiene hypothesis: Current perspectives and future therapies. ImmunoTargets Ther 4:143–157, PMID: 27471720, 10.2147/ITT.S61528.

Stier AC, Samhouri JF, Gray S, Martone RG, Mach ME, Halpern BS, et al. 2017. Integrating expert perceptions into food web conservation and management. Conservation Letters 10(1):67–76, 10.1111/conl.12245.

Stigsdotter UK, Ekholm O, Schipperijn J, Toftager M, Kamper-Jørgensen F, Randrup TB. 2010. Health promoting outdoor environments – associations between green space, and health, health-related quality of life and stress based on a Danish national representative survey. Scand J Public Health 38(4):411–417, PMID: 20413584, 10.1177/1403494810367468.

Sturm R, Cohen D. 2014. Proximity to urban parks and mental health. J Ment Health Policy Econ 17(1):19–24, PMID: 24864118.

Sugiyama T, Cerin E, Owen N, Oyeyemi AL, Conway TL, Van Dyck D, et al. 2014. Perceived neighbourhood environmental attributes associated with adults recreational walking: IPEN adult study in 12 countries. Health Place 28:22–30, PMID: 24721737, 10.1016/j.healthplace.2014.03.003.

Sullivan WC, Kaplan R. 2016. Nature! Small steps that can make a big difference. HERD 9(2):6–10, PMID: 26698884, 10.1177/1937586715623664.

Sullivan WC, Kuo FE, DePooter SF. 2004. The fruit of urban nature: vital neighborhood spaces. Environ Behav 36(5):678–700, 10.1177/0193841X04264945.

Szolosi AM, Watson JM, Ruddell EJ. 2014. The benefits of mystery in nature on attention: assessing the impacts of presentation duration. Front Psychol 5:1360, 10.3389/fpsyg.2014.01360.

Takano T, Nakamura K, Watanabe M. 2002. Urban residential environments and senior citizens’ longevity in megacity areas: the importance of walkable green spaces. J Epidemiol Community Health 56(12):913–918, PMID: 12461111.

Taylor AF, Kuo FE, Sullivan WC. 2002. Views of nature and self-discipline: evidence from inner city children. J Environ Psychol 22(1–2):49–63, 10.1006/jevp.2001.0241.

Taylor BT, Fernando P, Bauman AE, Williamson A, Craig JC, Redman S. 2011. Measuring the quality of public open space using Google Earth. Am J Prev Med 40(2):105–112, PMID: 21238857, 10.1016/j.amepre.2010.10.024.

Taylor L, Hochuli DF. 2017. Defining greenspace: multiple uses across multiple disciplines. Landsc Urban Plan 158:25–38, 10.1016/j.landurbplan.2016.09.024.

Taylor MS, Wheeler BW, White MP, Economou T, Osborne NJ. 2015. Research note: urban street tree density and antidepressant prescription rates—a cross-sectional study in London, UK. Landscape and Urban Planning 136:174–179, 10.1016/j.landurbplan.2014.12.005.

Thiering E, Markevych I, Bruske I, Fuertes E, Kratzsch J, Sugiri D, et al. 2016. Associations of residential long-term air pollution exposures and satellite-derived greenness with insulin resistance in German adolescents. Environ Health Perspect 124(8):1291–1298, PMID: 26863688, 10.1289/ehp.1509967.

Threlfall CG, Walker K, Williams NSG, Hahs AK, Mata L, Stork N, et al. 2015. The conservation value of urban green space habitats for australian native bee communities. Biological Conservation 187:240–248, 10.1016/j.biocon.2015.05.003.

Tilley S, Neale C, Patuano A, Cinderby S. 2017. Older people’s experiences of mobility and mood in an urban environment: a mixed methods approach using electroencephalography (EEG) and interviews. Int J Environ Res Public Health 14(2):151, 10.3390/ijerph14020151.

Triguero-Mas M, Dadvand P, Cirach M, Martínez D, Medina A, Mompart A, et al. 2015. Natural outdoor environments and mental and physical health: relationships and mechanisms. Environ Int 77:35–41, PMID: 25638643, 10.1016/j.envint.2015.01.012.

Troy A, Morgan Grove J, O’Neil-Dunne J. 2012. The relationship between tree canopy and crime rates across an urban–rural gradient in the greater Baltimore region. Landsc Urban Plan 106(3):262–270, 10.1016/j.landurbplan.2012.03.010.

Tzoulas K, Korpela K, Venn S, Yli-Pelkonen V, Kaźmierczak A, Niemela J, et al. 2007. Promoting ecosystem and human health in urban areas using green infrastructure: a literature review. Landscape and Urban Planning 81(3):167–178, 10.1016/j.landurbplan.2007.02.001.

Ulrich RS, Simons RF, Losito BD, Fiorito E, Miles MA, Zelson M. 1991. Stress recovery during exposure to natural and urban environments. J Environ Psychol 11(3):201–230, 10.1016/S0272-4944(05)80184-7.

Ulrich RS. 1984. View through a window may influence recovery from surgery. Science 224(4647):420–421, PMID: 6143402.

United Nations, Population Division. 2015. World Urbanization Prospects. The 2014 revision.
New York, NY:United Nations. https://esa.un.org/unpd/wup/ [accessed 5 July 2017].

van den Berg A, Custers M. 2011. Gardening promotes neuroendocrine and affective restoration from stress. J Health Psychol 16(1):3–11, PMID: 20522508, 10.1177/1359105310365577.

van den Berg AE, Maas J, Verheij RA, Groenewegen PP. 2010. Green space as a buffer between stressful life events and health. Soc Sci Med 70(8):1203–1210, PMID: 20163905, 10.1016/j.socscimed.2010.01.002.

van den Berg AE, van den Berg CG. 2011. A comparison of children with ADHD in a natural and built setting. Child Care Health Dev 37(3):430–439, PMID: 21143265, 10.1111/j.1365-2214.2010.01172.x.

Van Herzele A, de Vries S. 2012. Linking green space to health: A comparative study of two urban neighbourhoods in Ghent, Belgium. Popul Environ 34(2):171–193, 10.1007/s11111-011-0153-1.

Vanderloo LM. 2014. Screen-viewing among preschoolers in childcare: A systematic review. BMC Pediatr 14:205, PMID: 25129567, 10.1186/1471-2431-14-205.

Vaughan KB, Kaczynski AT, Wilhelm Stanis SA, Besenyi GM, Bergstrom R, Heinrich KM. 2013. Exploring the distribution of park availability, features, and quality across Kansas City, Missouri by income and race/ethnicity: An environmental justice investigation. Ann Behav Med 45(suppl 1):28–38, 10.1007/s12160-012-9425-y.

Verra ML, Angst F, Beck T, Lehmann S, Brioschi R, Schneiter R, et al. 2012. Horticultural therapy for patients with chronic musculoskeletal pain: results of a pilot study. Altern Ther Health Med 18(2):44–50, PMID: 22516884.

Villeneuve PJ, Jerrett M, G. Su J, Burnett RT, Chen H, Wheeler AJ, et al. 2012. A cohort study relating urban green space with mortality in Ontario, Canada. Environ Res 115:51–58, 10.1016/j.envres.2012.03.003.

Vos PE, Maiheu B, Vankerkom J, Janssen S. 2013. Improving local air quality in cities: to tree or not to tree?. Environ Pollut 183:113–122, 10.1016/j.envpol.2012.10.021.

Ward Thompson C, Aspinall P, Roe J, Robertson L, Miller D. 2016. Mitigating stress and supporting health in deprived urban communities: The importance of green space and the social environment. Int J Environ Res Public Health 13(4):440, PMID: 27110803, 10.3390/ijerph13040440.

Wells NM, Lekies KS. 2006. Nature and the life course: Pathways from childhood nature experiences to adult environmentalism. Child Youth Environ 16(1):1–24.

Wen M, Zhang X, Harris CD, Holt JB, Croft JB. 2013. Spatial disparities in the distribution of parks and green spaces in the USA. Ann Behav Med 45(suppl 1):18–27, 10.1007/s12160-012-9426-x.

Wheeler BW, Lovell R, Higgins SL, White MP, Alcock I, Osborne NJ, et al. 2015. Beyond greenspace: an ecological study of population general health and indicators of natural environment type and quality. Int J Health Geogr 14:17, 10.1186/s12942-015-0009-5.

White M, Smith A, Humphryes K, Pahl S, Snelling D, Depledge M. 2010. Blue space: the importance of water for preference, affect, and restorativeness ratings of natural and built scenes. J Environ Psychol 30(4):482–493, 10.1016/j.jenvp.2010.04.004.

White MP, Alcock I, Wheeler BW, Depledge MH. 2013. Would you be happier living in a greener urban area? A fixed-effects analysis of panel data. Psychol Sci 24(6):920–928, 10.1177/0956797612464659.

WHO (World Health Organization). 2010. Global Recommendations on Physical Activity for Health. Geneva:World Health Organization.

Willis KJ, Petrokofsky G. 2017. The natural capital of city trees. Science 356(6336):374–376, PMID: 28450596, 10.1126/science.aam9724.

Wilson EO. 1984. Biophilia. Cambridge, MA:Harvard University Press.

Witten K, Hiscock R, Pearce J, Blakely T. 2008. Neighbourhood access to open spaces and the physical activity of residents: A national study. Prev Med 47(3):299–303, PMID: 18533242, 10.1016/j.ypmed.2008.04.010.

Wolch JR, Byrne J, Newell JP. 2014. Urban green space, public health, and environmental justice: The challenge of making cities ‘just green enough.’ Landsc Urban Plan 125:234–244, 10.1016/j.landurbplan.2014.01.017.

Wolf KL, Measells MK, Grado SC, Robbins AST. 2015. Economic values of metro nature health benefits: A life course approach. Urb Forestry Urb Greening 14(3):694–701, 10.1016/j.ufug.2015.06.009.

Wolf KL, Robbins AS. 2015. Metro nature, environmental health, and economic value. Environ Health Perspect 123(5):390–398, PMID: 25626137, 10.1289/ehp.1408216.

Woo J, Tang N, Suen E, Leung J, Wong M. 2009. Green space, psychological restoration, and telomere length. Lancet 373(9660):299–300, PMID: 19167568, 10.1016/S0140-6736(09)60094-5.

Wood SA, Guerry AD, Silver JM, Lacayo M. 2013. Using social media to quantify nature-based tourism and recreation. Sci Rep 3:2976, PMID: 24131963, 10.1038/srep02976.

Younan D, Tuvblad C, Li L, Wu J, Lurmann F, Franklin M, et al. 2016. Environmental determinants of aggression in adolescents: Role of urban neighborhood greenspace. J Am Acad Child Adolesc Psychiatry 55(7):591–601, PMID: 27343886, 10.1016/j.jaac.2016.05.002.

Zartarian V, Bahadori T, McKone T. 2005. Adoption of an official ISEA glossary. J Expo Anal Environ Epidemiol 15(1):1–5, PMID: 15562291, 10.1038/sj.jea.7500411.

Zelenski JM, Dopko RL, Capaldi CA. 2015. Cooperation is in our nature: Nature exposure may promote cooperative and environmentally sustainable behavior. J Environ Psychol 42:24–31, 10.1016/j.jenvp.2015.01.005.

The Imperial County Community Air Monitoring Network: A Model for Community-based Environmental Monitoring for Public Health Action

Author Affiliations

1California Department of Public Health, Richmond, California, USA

2Comite Civico Del Valle, Brawley, California, USA

3Department of Environmental & Occupational Health Sciences, University of Washington, Seattle, Washington, USA

4California Environmental Health Tracking Program, Public Health Institute, Oakland, California, USA

5School of Public Health, University of California, Los Angeles, California, USA

6Department of Environmental and Occupational Health Sciences, George Washington University, Washington, D.C., USA


  • Summary:
    The Imperial County Community Air Monitoring Network (the Network) is a collaborative group of community, academic, nongovernmental, and government partners designed to fill the need for more detailed data on particulate matter in an area that often exceeds air quality standards. The Network employs a community-based environmental monitoring process in which the community and researchers have specific, well-defined roles as part of an equitable partnership that also includes shared decision-making to determine study direction, plan research protocols, and conduct project activities. The Network is currently producing real-time particulate matter data from 40 low-cost sensors throughout Imperial County, one of the largest community-based air networks in the United States. Establishment of a community-led air network involves engaging community members to be citizen-scientists in the monitoring, siting, and data collection process. Attention to technical issues regarding instrument calibration and validation and electronic transfer and storage of data is also essential. Finally, continued community health improvements will be predicated on facilitating community ownership and sustainability of the network after research funds have been expended. https://doi.org/10.1289/EHP1772
  • Received: 15 February 2017
    Revised: 04 April 2017
    Accepted: 06 April 2017
    Published: 31 July 2017

    Address correspondence to P.B. English, California Dept. of Public Health, 850 Marina Bay Parkway, Richmond, CA 94804. Telephone: (510) 620-3684. Email: Paul.english@cdph.ca.gov

    Authors L.O., E.B., H.L., and E.M. are members of Comite Civico Del Valle, an advocacy organization and are affected parties in relation to the research conducted.

    All other authors declare they have no actual or potential competing financial interests.


Introduction

Communities and regulatory agencies are discovering the utility of small, low-cost environmental sensors that are able to provide real-time information on air pollution (Jiao et al. 2016; Snyder et al. 2013; Yi et al. 2015). These sensors hold great promise for individuals, communities, schools, and other interested parties by providing timely information that can supplement regulatory data used to reduce toxic exposures and influence environmental health policy and programs. Using these new technologies presents challenges in ensuring scientific validity of the data and visualizing and communicating scientific information in a comprehensible manner.

The Imperial County Community Air Monitoring Network (the Network), one of the largest community-based air monitoring networks in the United States, is an innovative model that addresses these challenges through a community, academic, nongovernmental, and government partnership that integrates knowledge and priorities from community and academic research perspectives. In this community-engaged process, community members play key roles in determining study design, siting and deploying monitors, and data collection. The Network is now producing real-time particulate matter data from 40 low-cost sensors throughout the county.

Background

A Community Affected by Air Pollution

Imperial County in southern California is home to a primarily Latino population (82%) and has some of the highest rates of unemployment and poverty in the nation (U.S. Census 2010). The county is mainly desert and agricultural, with a range of air pollution sources—such as field burning, the U.S.–Mexico border crossing, unpaved roads, and various industrial facilities—that contribute to periods lasting longer than 6 months when Imperial County exceeds the California standard for particulate matter (PM) with an aerodynamic diameter of 10 μm or less (PM10) (CARB 2012). Historically, Imperial has far surpassed all other California counties as having the highest rates of both emergency hospital visits and hospitalizations for asthma among school-age children (CEHTP 2017). El Centro, California, located in the Imperial Valley, is the city with the fifth-worst air quality in the U.S. (ALA 2016). Exposure to PM10 is associated with increased respiratory disease, decreased lung function, and asthma attacks in susceptible individuals (Anderson et al. 2012). According to the California Air Resources Board, in 2015, the last year in which data were available, the Salton Sea air basin, where Imperial County is located, had 128 d that exceeded the state standards for PM10 (https://www.arb.ca.gov/adam/topfour/topfour1.php). This finding means that, for more than one third of the year, residents may be at risk of breathing outdoor air that exceeds the maximum amount of PM that would not harm public health. Even when air quality is within state standards, the health of the population will likely suffer, as arguably no health threshold level exists for PM; for example, an analysis of daily time series data for the 20 largest U.S. cities for 1987–1994 found no threshold for particulate air pollution on daily mortality (Daniels et al. 2000), and Vaduganathan et al. found that increased levels of PM10, even below the current limits set by the European Union, were associated with excess risk for admissions for acute cardiovascular events (Vaduganathan et al. 2016).

Community Needs for Local-level Air Quality Information

Governmental regulatory air monitors are designed to measure ambient air in communities to ensure that federal and state air-quality standards for the protection of public health are met. However, regulatory monitoring does not have the spatial resolution to provide information to the public in the specific communities where they live, work, and play. Further, regulatory monitors are not designed to report on episodic elevated events (i.e., high-concentration events may be qualified as “exceptional events” and removed from regulatory consideration), which are of concern to communities due to acute health events that occur during peak concentrations.

These limitations play out in Imperial County, where understanding, awareness, and effective response to air pollution trends have been hindered by the fact that there are only five regulatory PM monitors for a county that spans over 4,000 square miles and is home to 175,000 individuals. Residents have noted that these monitors often do not seem to reflect the air quality in their local communities, voiced concerns that the monitoring data are sometimes not displayed during elevated events, and identified the need for more air monitors.

Opportunities with Next Generation Air Sensor Technology

Recent advances in small portable and personal air monitors or sensors, which are low cost in comparison with conventional monitors, potentially may provide higher temporal and spatial resolution of air quality data than currently exists from regulatory networks (Jerrett et al. 2015; Duvall et al. 2016; Han et al. 2017; Jovašević-Stojanović et al. 2015; Volckens et al. 2016). The accessible cost, ease of use, and improving accuracy of these technologies position them to play an important role in efforts by communities and researchers to identify sources and trends in air quality that may inform policies and plans to reduce emissions and exposures. Both personal and community responses to these new data can be important public health actions that may emerge from monitoring.

To address community concerns about air quality, a collaborative of community, academia, nonprofit, and government partners formed the Imperial County Community Air Monitoring Project (the Project). Funded by the National Institute for Environmental Health Science’s Research to Action Program, the Project used an innovative approach to facilitate community participation and decision-making throughout the development and deployment of the Network and to address concerns about scientific validity and sustainability.

Project Partnerships and a Community Engagement Structure

A crucial component of our approach was to establish an equitable and inclusive community engagement structure that ensured participation at multiple levels throughout the project by various community representatives. The initial step of identification of study partners occurred naturally through a long-standing relationship between Comite Civico del Valle (CCV), a community-based organization in Imperial County, and the California Environmental Health Tracking Program (CEHTP), a program of the nongovernmental Public Health Institute, in collaboration with the California Department of Public Health. The third main study partner, the Seto research group at University of Washington (UW), was identified through relationships with CEHTP, as were other academic partners affiliated with University of California at Los Angeles and George Washington University, who served in an advisory capacity. Distinct roles for the partnering organizations were established from the start. CEHTP provided epidemiological, community engagement, health education, and project-management expertise. UW provided exposure assessment expertise, equipment customization and assembly, and monitor-operation and validation capabilities. CCV provided local community knowledge and relationships and community outreach and organizing expertise, and CCV was ultimately responsible for interfacing with monitor sites and maintenance of the monitoring network. UCLA provided expertise to the community and academic partners on the health effects of air pollution, and George Washington University provided technical consultation on the monitoring of ambient particles.

The project engaged with residents in Imperial County via the establishment of a Community Steering Committee (CSC), recruitment of community participants to help site monitors, and identification of local sites to serve as hosts for the air monitors. The CSC—composed of local leaders and residents concerned about the environment—worked with the Project staff on all aspects of study design and implementation, provided feedback on data communication, and participated in the development of actions to reduce exposures and pollution sources. Government regulatory agencies (in this case, the local air pollution control agency, the California Environmental Protection Agency (California EPA), and the U.S. Environmental Protection Agency (U.S. EPA)) were engaged through participation on a Technical Team, composed of local government, academic, and other technical experts. The Technical Team was convened semiannually to provide technical advice and expertise on the exposure assessment methodologies and calibration results. Government agencies were contacted to provide portable reference monitors for co-location studies, to provide technical assistance to communities and the researchers, and to receive feedback on community needs.

Defining the Goals for Community Air Monitoring

Components of establishing a community-based air monitoring network are shown in Figure 1. Because it was essential to have an established research question or surveillance need to guide the Project’s activities, this was determined at the start with partners to ensure responsiveness to community needs. The study partners defined broad goals for the Network that included the ability to use the air monitoring data to inform community members about air quality in real time, as well as to generate data that are appropriate for conducting spatial analysis to identify air pollution hot spots and trends. We also continued to refine the goals by incorporating priorities of the CSC and community participants, determined through individual key informant interviews and group discussions to learn about community air quality information needs, uses, sources, and barriers. In turn, these goals provided guidance as we designed the Network and prepared to share monitoring data with the community. In this manner, the study protocol was developed with significant input from the community partner. Furthermore, at that time, the project partners and CSC helped to develop a project-evaluation plan to assess how well these goals were achieved. The evaluation plan included surveys of CSC members, community participants, and other users of the air monitoring data; web analytics; and key informant interviews of project partners.

Figure 1 (flowchart). Components of establishing a community-based air monitoring network.

Preparing the Network Equipment and Data Collection Infrastructure

The monitor selected for this study, a modified Dylos DC1700 (Dylos Corporation), was tested in the lab and field for limits of detection, responses to particles of varying composition, ability to accurately size particles, and precision between multiple monitors at multiple field sites with different environmental conditions, such as temperature and humidity. The Dylos is a light-scattering particle counter, and as such, particle counts were converted to mass concentrations to align with health recommendations that are usually based on the latter. Algorithms to convert counts to mass were developed based on co-location of the instruments with government reference instruments in the region, modeling the relationship between counts and mass and using this relationship to estimate mass concentrations. The monitor system included the Dylos particle sensor with four size bins (>0.5 μm, >1.0 μm, >2.5 μm and >10 μm), temperature and relative humidity sensors, and a microcontroller to allow wireless real-time data transfer to the Internet. The monitor components were housed in a box with a cooling fan to sustain optimal sensor performance under Imperial County’s harsh summer conditions (Figure 2).

Figure 2 (photograph). Air monitor system including modified Dylos particle sensor with four size bins (>0.5 μm, >1.0 μm, >2.5 μm and >10 μm), temperature and relative humidity sensors, and a microcontroller.

Monitors were validated and calibrated with reference monitors. In our case, the California EPA participated by providing access to their Calexico, California, site, where they operate federal reference and federal equivalent methods for measuring PM, as well as co-locating portable Beta-attenuation particulate matter monitors at sites that we selected for our community air monitors. Additionally, data collection and data transfer protocols were established, along with quality control plans. This process included addressing issues such as establishment of data feeds, data averaging over time, and data completion checks, as well as formatting data for display and hosting the Web services that allow the public to view the data in real time.
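The count-to-mass conversion, time averaging and data completion checks described above, as an added Python example that is not the Network's own code and not the project's published algorithm: it assumes a simple linear fit of sensor counts against reference PM10 (a real model may add humidity or temperature terms), 5-minute samples, and a 75% completeness threshold, all constructed here.

```python
"""Count-to-mass calibration, hourly averaging and completeness checks for a
low-cost particle counter co-located with a reference monitor.

Added example, not the Network's own code. The linear fit, the 5-minute
sampling interval, the 75% completeness rule and every number below are
constructed assumptions.
"""
from statistics import mean
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed co-location pairs: (sensor particle count, reference PM10 in ug/m3).
# A real calibration set would hold days of hourly pairs collected next to a
# reference instrument, as the Network did at the Calexico site.
COLOCATION_PAIRS: List[Tuple[float, float]] = [
    (100.0, 12.0), (200.0, 22.0), (300.0, 32.0), (400.0, 42.0),
]


def fit_counts_to_mass(pairs: Sequence[Tuple[float, float]]) -> Tuple[float, float]:
    """Ordinary least squares fit of mass = slope * counts + intercept.

    Returns (slope, intercept). A constant count series is rejected rather
    than silently producing a degenerate fit.
    """
    if len(pairs) < 2:
        raise ValueError("need at least two co-location pairs")
    xs = [counts for counts, _ in pairs]
    ys = [mass for _, mass in pairs]
    x_bar, y_bar = mean(xs), mean(ys)
    sxx = sum((x - x_bar) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("sensor counts are constant; cannot fit a slope")
    sxy = sum((x - x_bar) * (y - y_bar) for x, y in zip(xs, ys))
    slope = sxy / sxx
    return slope, y_bar - slope * x_bar


def counts_to_mass(counts: float, slope: float, intercept: float) -> float:
    """Apply the fitted relationship; negative mass is not physical, so clamp at zero."""
    return max(0.0, slope * counts + intercept)


def hourly_averages(
    readings: Sequence[Tuple[int, float]],
    expected_per_hour: int = 12,
    min_completeness: float = 0.75,
) -> Dict[int, Optional[float]]:
    """Average (minute_offset, value) readings per hour, flagging thin hours.

    An hour with fewer than min_completeness * expected_per_hour readings is
    reported as None so a display can say "insufficient data" instead of
    showing a number built from a connectivity gap. 75% of expected samples
    is an assumed threshold modelled on common completeness conventions.
    """
    buckets: Dict[int, List[float]] = {}
    for minute, value in readings:
        buckets.setdefault(minute // 60, []).append(value)
    if not buckets:
        return {}
    out: Dict[int, Optional[float]] = {}
    for hour in range(min(buckets), max(buckets) + 1):  # hours with no data appear as None
        values = buckets.get(hour, [])
        complete = len(values) >= min_completeness * expected_per_hour
        out[hour] = mean(values) if complete else None
    return out


def calibrated_hourly_pm(
    readings: Sequence[Tuple[int, float]],
    pairs: Sequence[Tuple[float, float]] = COLOCATION_PAIRS,
) -> Dict[int, Optional[float]]:
    """Full pipeline: fit on co-location data, convert the raw feed, average hourly."""
    slope, intercept = fit_counts_to_mass(pairs)
    mass_readings = [(minute, counts_to_mass(c, slope, intercept)) for minute, c in readings]
    return hourly_averages(mass_readings)


# Constructed raw feed of 5-minute samples; hour 1 has a connectivity gap.
SAMPLE_FEED: List[Tuple[int, float]] = (
    [(m, 250.0) for m in range(0, 60, 5)]        # hour 0: 12 samples, complete
    + [(m, 300.0) for m in range(60, 90, 5)]     # hour 1: 6 samples, incomplete
    + [(m, 150.0) for m in range(120, 165, 5)]   # hour 2: 9 samples, exactly 75%
)

if __name__ == "__main__":
    for hour, pm in calibrated_hourly_pm(SAMPLE_FEED).items():
        print(hour, "insufficient data" if pm is None else f"{pm:.1f} ug/m3")
```

The incomplete hour is returned as `None` rather than as the mean of the few samples that arrived, because a public display that quietly averages a half-hour of data during an outage can understate or overstate a peak event; the gap itself is the information a data-quality review needs to see.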

Designing and Deploying the Network

Monitor siting was accomplished by having community members identify, collect data about, and prioritize potential monitor locations in impacted communities throughout the county. The participants in this prioritization process included the CSC and additional community residents who were recruited for this aspect of the project. To facilitate these community members’ meaningful participation in the monitor siting process, the project team provided basic training in air monitoring science, including explanation of technical criteria (e.g., electrical power availability, wireless connection capability, absence of obstructions, secure location) for monitor siting. This community-engaged process was used to identify locations for the first 20 monitors. An iterative process was used in which monitoring data from the first set of 20 monitors helped determine sites for the second set. The selection of the second 20 monitor locations was guided by the research staff, with input from the CSC, to ensure that monitors were located in areas where a spatially representative model could be constructed using land use regression techniques (Briggs et al. 1997). CCV played a critical role in recruitment of monitor hosts. CCV staff members were also trained to deploy the monitors and conduct routine maintenance and troubleshooting.

Producing Community-relevant and Accessible Information

Researchers and the community members discussed which air quality measures were most useful and how the data would be visualized and communicated to the public. The CSC was presented with several options for data presentation to determine the most understandable and useful approach. The existing community website and data platform titled Identifying Violations Affecting Neighborhoods (IVAN) was redesigned and built out to include the data from the Network, called IVAN Air Monitoring (IVAN-Imperial.org/air). The Project staff developed messaging about interpreting the data, information on air quality and health, and technical information on the monitors and pollution levels, which is also posted on the IVAN website.

Moving Data to Action

Ultimately, the goal of the Network is to provide data and information to community residents to help them engage in individual and community actions to improve health. CCV has extensive knowledge and expertise in outreach, education, advocacy, and organizing. By involving the CSC and other community residents throughout the Project, CCV was more readily able to engage them in ongoing actions than in the past. To support the deployment and utilization of the Network, the Project team developed a two-phase public health action-planning process in which the CSC and other community participants were trained in community action planning strategies, identified and prioritized public health concerns, and developed action plans to address those concerns. With the completion of the Network, the second phase of public health actions will focus specifically on air quality, which may include actions such as outreach to school communities about air quality and health; devising plans for schools to shelter in place during poor-air-quality days, especially for students with asthma; sharing data trends with local officials to advocate for regulatory action; and training schools with a community monitor to use a flag system to notify the school community about the current air-quality level.

Ensuring Sustainability

This Network was designed from the outset to be community owned and operated, which will require that the community has the resources, knowledge, and capacity to sustain it. A critical component of supporting an ongoing network is the operation and maintenance of the monitoring equipment, as well as upgrading of software and hardware as needed. As part of ongoing project activities, CCV staff has already received training and assumed responsibility for monitor installation, as well as for troubleshooting monitor hardware and software issues. Furthermore, although technical expertise from a consultant on retainer can provide periodic review to ensure the scientific accuracy of the project, the Network should not have to rely on external technical infrastructure. For example, project data were initially stored on UW data servers but have now been migrated to a cloud service provider so that ownership of the data and the server software may be transferred to the community before the conclusion of the initial grant. This step is critical to ensure sustainability of the program and accessibility of the data after the grant funding period ends. Finally, a key component of sustainability is the continuation of community action planning and community-training activities. The CSC provides an existing structure through which community members can participate directly in the outreach, dissemination, and use of air monitoring data in the broader community. CCV and the CSC can also play a role in community-member mentoring, so that the next generation is interested and prepared to operate the Network.

Who should financially sustain a community-based air monitoring network? Although the community will own the Network and has an interest in its continued operation, they have limited access to funding streams and few available resources. Government agencies may be motivated to maintain and ensure quality data from such projects, as these data help fulfill their mission to provide useful data for community members and can supplement information from regulatory monitors. One example in California is the California Air Resources Board’s Supplemental Environmental Project Policy (available from a file linked at https://www.arb.ca.gov/enf/seppolicy.htm). This policy “allows community-based projects to be funded from a portion of the penalties received during settlement of enforcement actions.” Policies like these can provide some continued support for air monitoring network sustainability.

Best Practices

Several main themes emerge from this project that can be applied to other settings. First, a clearly defined purpose for monitoring must exist, with an understanding of how data may inform action. Roles and responsibilities of all study partners need to be clear from the outset; if this is done correctly, it will ensure that critical functions are covered and adequately funded, it will manage expectations and avoid miscommunication, and it will identify opportunities for knowledge transfer and capacity building. The community, researchers, and government agencies all have an important role to play, and the project resources should be equitably distributed among them. Scientific information must be presented in an accurate and accessible manner and tailored to the cultural and socioeconomic attributes of the community in question. Data must be understandable and useful for the public to apply in public health campaigns. Next-generation environmental monitors, although relatively easy to install, should not be considered reliable and accurate without rigorous calibration and testing; monitors later may experience technical issues, such as connectivity problems that may affect data completeness. Further, due to dust accumulation on the lens of the particle counter, measurement drift can occur over time; therefore, a regular maintenance schedule is essential. In addition, sustaining a project after dedicated funding ends is difficult; therefore, emphasis on community involvement and training during the project period, as well as novel fundraising and interest from regulatory agencies, can ensure that the project continues to collect useful data into the future.

Conclusion

Current availability of real-time and neighborhood-scale data on PM levels can be used as an agent of change. Residents are now equipped with data that they can use to better identify when and where they are safe outside; to change personal behaviors to reduce exposures; and to advocate for policy changes that more aggressively reduce PM sources. Community engagement and uses of citizen science are becoming more common in influencing public health practice (Den Broeder et al. 2016). In Imperial County, we have emphasized the importance of the development of a sustainable air-monitoring network that is community owned and operated and producing data that are valid for community and traditional research. The project has increased community knowledge and capacity about the process required to set up and maintain monitors, and community partners are now empowered to initiate and collect air data for themselves. With this new information, understanding, and capacity, the community is better prepared to engage and collaborate with government around air monitoring and policy than in the past. Increased availability of actionable independent data and technical capacity to operate the hardware and software network components allow residents to have greater control over their lives and enhance the health of their community members.

Acknowledgments

Research reported in this publication was supported by the National Institute of Environmental Health Sciences of the National Institutes of Health under Award Number R01ES022722. The content is solely the responsibility of the authors and does not necessarily represent the official views of the National Institutes of Health.

References

ALA (American Lung Association). State of the Air. 2016. http://www.lung.org/our-initiatives/healthy-air/sota/ [accessed 13 February 2017]

Anderson JO, Thundiyil JG, Stolbach A. 2012. Clearing the air: a review of the effects of particulate matter air pollution on human health. J Med Toxicol 8(2):166–175, PMID: 22194192, 10.1007/s13181-011-0203-1.

Briggs DJ, Collins S, Elliott P, Fischer P, Kingham S, Lebret E, et al. 1997. Mapping urban air pollution using GIS: a regression-based approach. Int J Geogr Inf Sci 11(7): 699–718, 10.1080/136588197242158.

CARB (California Air Resources Board). 2012. Air Quality Trend Summaries, http://www.arb.ca.gov/adam/trends/trends1.php [accessed 13 February 2017]

CEHTP (California Environmental Health Tracking Program). 2017. http://www.cehtp.org [accessed 13 February 2017]

Daniels MJ, Dominici F, Zeger SL, Samet JM. 2000. Estimating particulate-matter mortality dose-response curves and threshold levels: an analysis of daily time-series for the 20 largest US cities. Am J Epidemiol 152(5):397–406, 10.1093/aje/152.5.397.

Den Broeder L, Devilee J, Van Oers H, Schuit AJ, Wagemakers A. 2016. Citizen science for public health. Health Promot Int Dec 23. pii: daw086, 10.1093/heapro/daw086.

Duvall RM, Long RW, Beaver MR, Kronmiller KG, Wheeler ML, Szykman JJ. 2016. Performance evaluation and community application of low-cost sensors for ozone and nitrogen dioxide. Kolev SD, ed. Sensors (Basel) 16(10):1698, 10.3390/s16101698.

Han I, Symanski E, Stock TH. 2017. Feasibility of using low-cost portable particle monitors for measurement of fine and coarse particulate matter in urban ambient air. J Air Waste Manag Assoc 67(3):330–340, PMID: 27690287, 10.1080/10962247.2016.1241195.

Jerrett M, Reid CE, McKone TE, Koutrakis P. 2015. Participatory and ubiquitous sensing for exposure assessment in spatial epidemiology. In Spatial Analysis in Health Geography. Kanaroglou P, Delmelle E, Paez A eds. Farnham, UK:Ashgate Publishing Ltd.

Jiao W, Hagler G, Williams R, Sharpe R, Brown R, Garver D, et al. 2016. Community Air Sensor Network (CAIRSENSE) project: evaluation of low-cost sensor performance in a suburban environment in the southeastern United States. Atmos Meas Tech 9(11):5281, 10.5194/amt-9-5281-2016.

Jovašević-Stojanović M, Bartonova A, Topalović D, Lazović I, Pokrić B, Ristovski Z, et al. 2015. On the use of small and cheaper sensors and devices for indicative citizen-based monitoring of respirable particulate matter. Environ Pollut 206:696–704, 10.1016/j.envpol.2015.08.035.

Snyder EG, Watkins TH, Solomon PA, Thoma ED, Williams RW, Hagler GS, Shelow D, et al. 2013. The changing paradigm of air pollution monitoring. Environ Sci Technol 47(20):11369–11377, 10.1021/es4022602.

U.S. Census. 2010. U.S. Census Bureau Quick Facts. Imperial County. http://www.census.gov/quickfacts/table/PST045215/06025,0636294,00 [accessed 13 February 2017]

Vaduganathan M, De Palma G, Manerba A, Goldoni M, Triggiani M, Apostoli P, Dei Cas L, et al. 2016. Risk of cardiovascular hospitalizations from exposure to coarse particulate matter (PM10) below the European Union Safety Threshold. Am J Cardiol 117(8):1231–1235, PMID: 26976793, 10.1016/j.amjcard.2016.01.041.

Volckens J, Quinn C, Leith D, Mehaffy J, Henry CS, Miller-Lionberg D. 2016. Development and evaluation of an ultrasonic personal aerosol sampler. Indoor Air 27(2):409–416, 10.3390/s16101698.

Yi WY, Lo KM, Mak T, Leung KS, Leung Y, Meng ML. 2015. A survey of wireless sensor network based air pollution monitoring systems. Sensors (Basel) 15(12):31392–31427, 10.3390/s151229859.

Methane-eating bacteria in lake deep beneath Antarctic ice sheet may reduce greenhouse gas emissions

Ken Markoff of the University of California, Santa Cruz monitors the borehole for the WISSARD drilling project in this 2013 photograph.

An interdisciplinary team of researchers funded by the National Science Foundation (NSF) has concluded that bacteria in a lake 800 meters (2,600 feet) beneath the West Antarctic Ice Sheet may digest methane, a powerful greenhouse gas, preventing its release into the atmosphere.

As part of the NSF-funded Whillans Ice Stream Subglacial Access Research Drilling (WISSARD) project, the researchers successfully

More at https://www.nsf.gov/news/news_summ.jsp?cntn_id=242668&WT.mc_id=USNSF_51&WT.mc_ev=click


This is an NSF News item.

SB17-212: Vulnerability Summary for the Week of July 24, 2017

Original release date: July 31, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
appsec-labs — appsec_labs | AppUse 4.0 allows shell command injection via a proxy field. | 2017-07-25 | 7.2 | CVE-2017-11566 (MISC)
buffalo — wapm-1166d_firmware | WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | 2017-07-21 | 10.0 | CVE-2017-2126 (CONFIRM, JVN)
finecms — finecms | dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. | 2017-07-23 | 7.5 | CVE-2017-11582 (MISC)
finecms — finecms | dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. | 2017-07-23 | 7.5 | CVE-2017-11583 (MISC)
finecms — finecms | dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. | 2017-07-23 | 7.5 | CVE-2017-11584 (MISC)
finecms — finecms | dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | 2017-07-23 | 7.5 | CVE-2017-11585 (MISC)
fortinet — fortiwlm | A hard-coded account named ‘upgrade’ in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with ‘upgrade’ account privileges. | 2017-07-22 | 7.5 | CVE-2017-7336 (BID, CONFIRM)
geutebrueck — gcore | Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. | 2017-07-21 | 7.5 | CVE-2017-11517 (EXPLOIT-DB)
greenpacket — dx-350_firmware | Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. | 2017-07-21 | 7.5 | CVE-2017-9932 (MISC)
greenpacket — dx-350_firmware | In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the “PING” (aka tag_ipPing) feature within the web interface allows performing command injection, via the “pip” parameter. | 2017-07-21 | 7.5 | CVE-2017-9980 (MISC)
imagemagick — imagemagick | Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 2017-07-25 | 7.8 | CVE-2016-7539 (CONFIRM, MLIST, BID, CONFIRM, CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. | 2017-07-21 | 7.1 | CVE-2017-11505 (CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. | 2017-07-22 | 7.1 | CVE-2017-11523 (CONFIRM, CONFIRM, CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | 7.1 | CVE-2017-11525 (BID, CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. | 2017-07-22 | 7.1 | CVE-2017-11526 (BID, CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | 7.1 | CVE-2017-11527 (CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. | 2017-07-22 | 7.1 | CVE-2017-11530 (CONFIRM, CONFIRM)
inmarsat — amosconnect_8 | Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. | 2017-07-22 | 10.0 | CVE-2017-3222 (BID, CERT-VN)
libinfinity_project — libinfinity | libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | 2017-07-21 | 7.5 | CVE-2015-3886 (MLIST, CONFIRM, CONFIRM, CONFIRM, CONFIRM)
rootkit_hunter_project — rkhunter | rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. | 2017-07-21 | 7.5 | CVE-2017-7480 (MLIST)
sony — wg-c10_firmware | WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 2017-07-21 | 9.0 | CVE-2017-2275 (MISC, JVN)
sony — wg-c10_firmware | Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | 2017-07-21 | 9.0 | CVE-2017-2276 (MISC, JVN)
tcpdump — tcpdump | tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. | 2017-07-22 | 7.5 | CVE-2017-11541 (BID, MISC)
tcpdump — tcpdump | tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. | 2017-07-22 | 7.5 | CVE-2017-11542 (BID, MISC)
tcpdump — tcpdump | tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. | 2017-07-22 | 7.5 | CVE-2017-11543 (BID, MISC)
tilde_cms_project — tilde_cms | An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. | 2017-07-24 | 7.5 | CVE-2017-11324 (MISC)


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ansible — ansible | Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of call back plugins and the no_log directive where the information may not be sanitized properly. | 2017-07-21 | 5.0 | CVE-2017-7473 (MISC)
atmail — atmail | Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes. | 2017-07-25 | 4.3 | CVE-2017-11617 (MISC, MISC)
atutor — atutor | Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. | 2017-07-22 | 5.0 | CVE-2016-10400 (MISC, MISC)
buffalotech — wmr-433w_firmware | Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2017-07-21 | 4.3 | CVE-2017-2274 (CONFIRM, JVN)
canonical — ubuntu_linux | The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. | 2017-07-21 | 4.9 | CVE-2015-1323 (BID, UBUNTU)
cisco — prime_collaboration_provisioning | A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. | 2017-07-25 | 4.3 | CVE-2017-6755 (BID, SECTRACK, CONFIRM)
contao — contao_cms | Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | 2017-07-21 | 6.5 | CVE-2017-10993 (CONFIRM)
cygwin — cygwin | Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string. | 2017-07-21 | 5.0 | CVE-2017-7523 (MISC)
ektron — ektron_content_management_system | Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. | 2017-07-25 | 4.3 | CVE-2016-6133 (BUGTRAQ)
eshop_project — eshop | The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the “eshopcart” HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | 2017-07-21 | 4.3 | CVE-2015-3421 (BID, MISC)
exiv2 — exiv2 | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | 2017-07-22 | 5.0 | CVE-2017-11553 (MISC)
exiv2 — exiv2 | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | 2017-07-23 | 5.0 | CVE-2017-11591 (MISC)
exiv2 — exiv2 | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. | 2017-07-23 | 5.0 | CVE-2017-11592 (MISC)
fedoraproject — fedora | The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | 2017-07-21 | 5.0 | CVE-2015-5194 (CONFIRM, FEDORA, FEDORA, SUSE, SUSE, SUSE, REDHAT, REDHAT, DEBIAN, MLIST, BID, UBUNTU, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM)
fedoraproject — fedora | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | 2017-07-21 | 5.0 | CVE-2015-5195 (FEDORA, FEDORA, FEDORA, REDHAT, REDHAT, DEBIAN, MLIST, BID, UBUNTU, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM)
fedoraproject — fedora | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | 2017-07-21 | 5.0 | CVE-2015-5219 (CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA, SUSE, SUSE, REDHAT, REDHAT, DEBIAN, MLIST, BID, UBUNTU, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM)
fedoraproject — fedora | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | 2017-07-25 | 4.3 | CVE-2015-5221 (SUSE, SUSE, SUSE, MLIST, REDHAT, CONFIRM, CONFIRM, FEDORA, FEDORA, FEDORA)
finecms — finecms | dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a ‘<’ character. | 2017-07-23 | 4.3 | CVE-2017-11581 (MISC)
finecms — finecms | dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | 2017-07-23 | 5.8 | CVE-2017-11586 (MISC)
fontforge — fontforge | FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file. | 2017-07-23 | 6.8 | CVE-2017-11569 (MISC)
fontforge_project — fontforge | FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file. | 2017-07-23 | 6.8 | CVE-2017-11568 (MISC)
fontforge_project — fontforge | FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file. | 2017-07-23 | 6.8 | CVE-2017-11570 (MISC)
fontforge_project — fontforge | FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file. | 2017-07-23 | 6.8 | CVE-2017-11571 (MISC)
fontforge_project — fontforge | FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file. | 2017-07-23 | 6.8 | CVE-2017-11572 (MISC)
fontforge_project — fontforge | FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file. | 2017-07-23 | 6.8 | CVE-2017-11573 (MISC)
fontforge_project — fontforge | FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file. | 2017-07-23 | 6.8 | CVE-2017-11574 (MISC)
fontforge_project — fontforge | FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c. | 2017-07-23 | 6.8 | CVE-2017-11575 (MISC)
fontforge_project — fontforge | FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file. | 2017-07-23 | 4.3 | CVE-2017-11576 (MISC)
fontforge_project — fontforge | FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file. | 2017-07-23 | 6.8 | CVE-2017-11577 (MISC)
gnome — libgxps | There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack. | 2017-07-23 | 4.3 | CVE-2017-11590 (MISC)
greenpacket — dx-350_firmware | Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | 2017-07-21 | 6.8 | CVE-2017-9930 (MISC)
greenpacket — dx-350_firmware | Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. | 2017-07-21 | 4.3 | CVE-2017-9931 (MISC)
ibm — rhapsody_design_manager | IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | 2017-07-24 | 4.9 | CVE-2017-1287 (CONFIRM, MISC)
ibm — security_guardium | IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. | 2017-07-21 | 5.0 | CVE-2017-1267 (CONFIRM, BID, MISC)
ibm — tririga_application_platform | Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864. | 2017-07-21 | 6.5 | CVE-2017-1371 (CONFIRM, MISC)
ibm — tririga_application_platform | Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866. | 2017-07-21 | 6.5 | CVE-2017-1373 (CONFIRM, BID, MISC)
ibm — tririga_application_platform | Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. | 2017-07-21 | 4.0 | CVE-2017-1374 (CONFIRM, MISC)
imagemagick — imagemagick | The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. | 2017-07-22 | 4.3 | CVE-2017-11522 (CONFIRM, CONFIRM, CONFIRM)
imagemagick — imagemagick | The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. | 2017-07-22 | 4.3 | CVE-2017-11524 (BID, CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | 2017-07-22 | 4.3 | CVE-2017-11528 (CONFIRM, CONFIRM)
imagemagick — imagemagick | The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. | 2017-07-22 | 4.3 | CVE-2017-11529 (CONFIRM, CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. | 2017-07-22 | 4.3 | CVE-2017-11532 (CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. | 2017-07-22 | 4.3 | CVE-2017-11533 (CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. | 2017-07-22 | 4.3 | CVE-2017-11534 (CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. | 2017-07-22 | 4.3 | CVE-2017-11535 (CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. | 2017-07-22 | 4.3 | CVE-2017-11536 (CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. | 2017-07-22 | 4.3 | CVE-2017-11537 (CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. | 2017-07-22 | 4.3 | CVE-2017-11538 (CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. | 2017-07-22 | 4.3 | CVE-2017-11539 (BID, CONFIRM)
imagemagick — imagemagick | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. | 2017-07-22 | 4.3 | CVE-2017-11540 (BID, CONFIRM)
inmarsat — amosconnect_8 | Blind SQL injection in the AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. | 2017-07-22 | 5.0 | CVE-2017-3221 (BID, CERT-VN)
libexpat_project — libexpat | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | 2017-07-25 | 5.0 | CVE-2017-9233 (MLIST, BID, CONFIRM, CONFIRM)
libsass — libsass | There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | 2017-07-22 | 5.0 | CVE-2017-11554 (MISC, MISC)
libsass — libsass | There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | 2017-07-22 | 5.0 | CVE-2017-11555 (MISC)
libsass — libsass | There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. | 2017-07-22 | 5.0 | CVE-2017-11556 (MISC)
libsass — libsass | There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. | 2017-07-24 | 4.3 | CVE-2017-11605 (BID, MISC)
libsass — libsass | There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | 2017-07-24 | 4.3 | CVE-2017-11608 (MISC)
linux — linux_kernel | The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | 2017-07-21 | 4.9 | CVE-2017-7542 (CONFIRM, BID, CONFIRM)
microsec — e-szigno | Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 2017-07-21 | 6.8 | CVE-2015-3931 (MISC, MISC, BID, MISC, MISC, MISC)
netlock — mokka | Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 2017-07-21 | 6.8 | CVE-2015-3932 (MISC, MISC, BID, MISC, MISC)
phpmybackuppro — phpmybackuppro | phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | 2017-07-21 | 6.5 | CVE-2015-3638 (MLIST, MLIST, SECTRACK)
phpmybackuppro — phpmybackuppro | phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | 2017-07-21 | 6.5 | CVE-2015-3639 (MLIST, MLIST, SECTRACK)
phpmybackuppro — phpmybackuppro | phpMyBackupPro 2.5 and earlier does not properly escape the “.” character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. | 2017-07-21 | 6.0 | CVE-2015-3640 (MLIST, SECTRACK)
sap — netweaver_portal | Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. | 2017-07-25 | 4.3 | CVE-2017-11460 (BID, MISC)
subsonic — subsonic | Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks. | 2017-07-25 | 6.8 | CVE-2017-9413 (MISC, EXPLOIT-DB)
subsonic — subsonic | Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. | 2017-07-21 | 5.1 | CVE-2017-9415 (EXPLOIT-DB)
tcpdump — tcpdump | tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3. | 2017-07-22 | 5.0 | CVE-2017-11544 (BID, MISC)
tcpdump — tcpdump | tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34. | 2017-07-22 | 5.0 | CVE-2017-11545 (BID, MISC)
tilde_cms_project — tilde_cms | An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | 2017-07-24 | 5.0 | CVE-2017-11326
MISC
tilde_cms_project — tilde_cms An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. 2017-07-24 4.0 CVE-2017-11327
MISC
tp-link — archer_c9_(2.0)_firmware passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. 2017-07-21 5.0 CVE-2017-11519
MISC
MISC
tukaani — xz scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. 2017-07-25 4.6 CVE-2015-4035
MLIST
MLIST
CONFIRM
CONFIRM
yiiframework — yii An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. 2017-07-21 4.3 CVE-2017-11516
CONFIRM
CONFIRM

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — emptoris_strategic_supply_management IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356. 2017-07-24 3.5 CVE-2016-6118
CONFIRM
BID
MISC
ibm — rational_software_architect_design_manager IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580. 2017-07-24 3.5 CVE-2017-1245
CONFIRM
MISC
ibm — rhapsody_design_manager IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912. 2017-07-24 3.5 CVE-2016-8975
CONFIRM
MISC
ibm — rhapsody_design_manager IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2017-07-24 3.5 CVE-2017-1249
CONFIRM
MISC
ibm — tririga_application_platform IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865. 2017-07-21 3.5 CVE-2017-1372
CONFIRM
MISC
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. 2017-07-24 3.5 CVE-2017-1380
CONFIRM
BID
SECTRACK
MISC
ibm — websphere_application_server IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. 2017-07-21 2.1 CVE-2017-1381
CONFIRM
BID
MISC
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. 2017-07-24 3.6 CVE-2017-1382
CONFIRM
BID
SECTRACK
MISC
selinux_project — selinux selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. 2017-07-21 2.1 CVE-2015-3170
CONFIRM
sos_project — sos sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. 2017-07-25 2.1 CVE-2015-3171
CONFIRM
CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
acunetix — acunetix Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a “User Mode Write AV starting at reporter!madTraceProcess.” 2017-07-27 not yet calculated CVE-2017-11673
MISC
acunetix — acunetix Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a “Read Access Violation starting at reporter!madTraceProcess.” 2017-07-27 not yet calculated CVE-2017-11674
MISC
airlink101 — skyipcam1620w_wireless_n_mpeg4_3gpp_network_camera snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter. 2017-07-24 not yet calculated CVE-2015-2280
MISC
FULLDISC
BUGTRAQ
BID
MISC
EXPLOIT-DB
airlive — multiple_products cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an “&” (ampersand) in the write_mac, write_pid, write_msn, write_tan, or write_hdv parameter. 2017-07-24 not yet calculated CVE-2015-2279
MISC
FULLDISC
BUGTRAQ
BID
MISC
EXPLOIT-DB
apache — activemq_artemis XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown vectors. 2017-07-25 not yet calculated CVE-2015-3208
MLIST
BID
CONFIRM
CONFIRM
apache — http_server ———————————————————————- WARNING – CVE-2016-0736 was assigned by redhat, not apache! Description from apache : In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. 2017-07-27 not yet calculated CVE-2016-0736
MISC
apache — http_server ———————————————————————- WARNING – CVE-2016-2161 was assigned by redhat, not apache! Description from apache : In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. 2017-07-27 not yet calculated CVE-2016-2161
MISC
apache — http_server ———————————————————————- WARNING – a refinement exists for CVE-2016-8743 : theall/20170425-084430 (delay queue)! Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. 2017-07-27 not yet calculated CVE-2016-8743
MISC
appserver — appserver Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. 2017-07-24 not yet calculated CVE-2015-1847
CONFIRM
artifex — artifex_ghostscript psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. 2017-07-28 not yet calculated CVE-2017-11714
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9611
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. 2017-07-26 not yet calculated CVE-2017-9620
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file. 2017-07-26 not yet calculated CVE-2017-9619
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9618
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9740
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9727
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9612
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9739
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9610
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9726
CONFIRM
CONFIRM
artifex — artifex_ghostscript The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.22 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. 2017-07-26 not yet calculated CVE-2017-9835
CONFIRM
CONFIRM
audiocoder — audiocoder Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. 2017-07-27 not yet calculated CVE-2017-8870
EXPLOIT-DB
avira — avira_antivirus Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow. 2017-07-27 not yet calculated CVE-2016-10402
MISC
cacti — cacti Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. 2017-07-27 not yet calculated CVE-2017-11691
CONFIRM
CONFIRM
candlepin — candlepin Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic. 2017-07-25 not yet calculated CVE-2015-5187
CONFIRM
cisco — asr_5000_series_aggregation_services_routers A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870. 2017-07-25 not yet calculated CVE-2017-6672
BID
SECTRACK
CONFIRM
cisco — asr_5000_series_aggregation_services_routers A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927. 2017-07-25 not yet calculated CVE-2017-6612
BID
SECTRACK
CONFIRM
cisco — cloud_web_security Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2017-07-25 not yet calculated CVE-2015-0674
CISCO
cisco — residential_gateway On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command output is visible at /PingMsg.cmd. 2017-07-23 not yet calculated CVE-2017-11588
MISC
BID
cisco — residential_gateway On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. 2017-07-23 not yet calculated CVE-2017-11589
MISC
cisco — residential_gateway On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI. 2017-07-23 not yet calculated CVE-2017-11587
MISC
cisco — web_security_appliance A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. 2017-07-25 not yet calculated CVE-2017-6750
BID
SECTRACK
CONFIRM
cisco — web_security_appliance A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. 2017-07-25 not yet calculated CVE-2017-6751
BID
SECTRACK
CONFIRM
cisco — web_security_appliance A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235. 2017-07-25 not yet calculated CVE-2017-6746
BID
SECTRACK
CONFIRM
cisco — web_security_appliance A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234. 2017-07-25 not yet calculated CVE-2017-6748
BID
SECTRACK
CONFIRM
cisco — web_security_appliance A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204. 2017-07-25 not yet calculated CVE-2017-6749
BID
SECTRACK
CONFIRM
cisco — webex A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037. 2017-07-25 not yet calculated CVE-2017-6753
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
cloud_foundry — capi_release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. 2017-07-24 not yet calculated CVE-2017-8036
CONFIRM
cloud_foundry — capi_release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. 2017-07-25 not yet calculated CVE-2017-8033
CONFIRM
cloud_foundry — capi_release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation. 2017-07-25 not yet calculated CVE-2017-8035
CONFIRM
dayrui — dayrui dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request. 2017-07-26 not yet calculated CVE-2017-11629
MISC
debian — tor debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script). 2017-07-23 not yet calculated CVE-2017-11565
BID
CONFIRM
efront — efront Unrestricted file upload vulnerability in eFront CMS before 3.6.15.5 allows remote authenticated users to execute arbitrary code by uploading a file from a local URL, then accessing it via a direct request to the file in www/content/lessons/”lesson number”/”directory name”. 2017-07-25 not yet calculated CVE-2015-4462
CONFIRM
MISC
efront — efront Unrestricted file upload vulnerability in eFront CMS before 3.6.15.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension prepended to a crafted parameter, then accessing it via a direct request to the file in www/content/lessons/”lesson number”/”directory name”. 2017-07-25 not yet calculated CVE-2015-4463
CONFIRM
MISC
exiv2 — exiv2 There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. 2017-07-27 not yet calculated CVE-2017-11683
MISC
ffmpeg — ffmpeg The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. 2017-07-28 not yet calculated CVE-2017-11719
CONFIRM
ffmpeg — ffmpeg The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. 2017-07-27 not yet calculated CVE-2017-11665
MISC
fiyo — fiyo dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. 2017-07-26 not yet calculated CVE-2017-11631
MISC
fiyo — fiyo dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. 2017-07-26 not yet calculated CVE-2017-11630
MISC
foreman — foreman rubygem-safemode versions 1.3.2 and earlier, as used in Foreman, are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. 2017-07-21 not yet calculated CVE-2017-7540
MISC
freebsd — freebsd The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections. 2017-07-25 not yet calculated CVE-2015-1417
BID
SECTRACK
FREEBSD
glpi — glpi SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. 2017-07-28 not yet calculated CVE-2017-11184
CONFIRM
CONFIRM
glpi — glpi front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. 2017-07-28 not yet calculated CVE-2017-11183
CONFIRM
CONFIRM
gnu — gnu_compiler_collection Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. 2017-07-26 not yet calculated CVE-2017-11671
CONFIRM
CONFIRM
CONFIRM
google — chrome Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization. 2017-07-23 not yet calculated CVE-2017-11593
CONFIRM
CONFIRM
google — android The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was “At the moment that is an accepted risk. We only have https on the checkout part of the site.” 2017-07-28 not yet calculated CVE-2017-11706
MISC
MISC
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. 2017-07-26 not yet calculated CVE-2017-11642
CONFIRM
graphicsmagick — graphicsmagick The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program’s actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop’s exit condition. 2017-07-28 not yet calculated CVE-2017-11722
MISC
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. 2017-07-26 not yet calculated CVE-2017-11636
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. 2017-07-26 not yet calculated CVE-2017-11643
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. 2017-07-26 not yet calculated CVE-2017-11641
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. 2017-07-26 not yet calculated CVE-2017-11638
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. 2017-07-26 not yet calculated CVE-2017-11637
CONFIRM
hangul — hangul hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a “type confusion” via an HWPX file containing a crafted para text tag. 2017-07-25 not yet calculated CVE-2015-6585
CONFIRM
BID
CONFIRM
CONFIRM
hashtopus — hashtopus SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. 2017-07-27 not yet calculated CVE-2017-11678
MISC
hashtopus — hashtopus Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php. 2017-07-27 not yet calculated CVE-2017-11677
MISC
hashtopus — hashtopus
 
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. 2017-07-27 not yet calculated CVE-2017-11679
MISC
hashtopussy — hashtopussy
 
Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. 2017-07-27 not yet calculated CVE-2017-11681
MISC
hashtopussy — hashtopussy
 
Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. 2017-07-27 not yet calculated CVE-2017-11680
MISC
hashtopussy — hashtopussy
 
Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php. 2017-07-27 not yet calculated CVE-2017-11682
MISC
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. 2017-07-26 not yet calculated CVE-2017-11640
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. 2017-07-26 not yet calculated CVE-2017-11639
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. 2017-07-22 not yet calculated CVE-2017-11531
CONFIRM
imagemagick — imagemagick
 
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. 2017-07-26 not yet calculated CVE-2017-11644
CONFIRM
intel — intel_processors
 
Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state. 2017-07-26 not yet calculated CVE-2017-5691

CONFIRM
intense_pc — phoenix_securecore_uefi
 
Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS. 2017-07-25 not yet calculated CVE-2017-9457
MISC
MISC
joomla — joomla!
 
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. 2017-07-26 not yet calculated CVE-2017-11612
CONFIRM
joomla — joomla!
 
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2017-07-25 not yet calculated CVE-2015-2798
BID
EXPLOIT-DB
koha — koha
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Koha Libraries 3.20.x before 3.20.1, 3.14.x before 3.14.16, 3.16.x before 3.16.12 allow remote attackers to (1) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via the addshelf parameter to opac-shelves.pl, (2) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via an unspecified list name parameter to opac-addbybiblionumber.pl, (3) hijack the authentication of library administrator users for requests that execute arbitrary web script or HTML via virtualshelves/shelves.pl when a shelf name contains web script or HTML, or (4) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that execute arbitrary web script or HTML by adding a biblio to a list whose name contains web script or HTML. 2017-07-21 not yet calculated CVE-2015-4639
CONFIRM
kopano — kopano
 
Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file. 2017-07-26 not yet calculated CVE-2017-11666
CONFIRM
lame — lame
 
The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9411
MISC
lame — lame
 
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9412
MISC
lame — lame
 
The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9410
MISC
lame — lame
 
There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. 2017-07-28 not yet calculated CVE-2017-11720
MISC
libav — libav
 
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. 2017-07-27 not yet calculated CVE-2017-11684
MISC
libdeploypkg — libdeploypkg
 
VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. 2017-07-28 not yet calculated CVE-2015-5191
CONFIRM
libjpeg-turbo — libjpeg-turbo
 
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. 2017-07-27 not yet calculated CVE-2017-9614
MISC
libtiff — libtiff
 
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. 2017-07-26 not yet calculated CVE-2017-11613
MISC
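The LibTIFF entry above (CVE-2017-11613) is a resource-exhaustion bug rather than memory corruption: an allocation count is taken straight from the file's ImageLength tag, so a huge value turns into a huge malloc. The following is an added example, not LibTIFF's code; the StripInfo struct, the 64 MiB budget and the sample inputs are assumptions for illustration. It contrasts an unchecked size computation with one that rejects inconsistent tag values, size_t overflow and requests above a per-open budget, and it never performs the oversized allocation, so running it cannot hang a machine.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example (not LibTIFF code) modelling the allocation that
   CVE-2017-11613 abuses: the number of per-row strips created when a
   single uncompressed strip is chopped up is derived from ImageLength,
   which the input file controls. Names and the budget are made up. */

#define ALLOC_BUDGET_BYTES ((size_t)64 * 1024 * 1024)   /* hypothetical cap */

typedef struct {
    uint32_t image_length;     /* ImageLength tag, file-controlled */
    uint32_t rows_per_strip;   /* RowsPerStrip tag, file-controlled */
    uint64_t strip_bytecount;  /* StripByteCounts[0], file-controlled */
} StripInfo;

/* Constructed sample inputs: a plausible 2000-row image, and a file
   claiming 2^32-1 rows inside a 4096-byte strip. */
static const StripInfo kSmallImage = { 2000, 1, 2000u * 100u };
static const StripInfo kHugeLength = { UINT32_MAX, 1, 4096 };

/* Bookkeeping chopping allocates per new strip: an offset and a byte count. */
#define BYTES_PER_STRIP_ENTRY (2 * sizeof(uint64_t))

/* Unchecked planner: trusts image_length exactly as the vulnerable code
   did. Returns the byte count that would be handed to malloc; it does
   not allocate, so the example cannot exhaust memory. */
static size_t chop_alloc_size_unchecked(const StripInfo *s)
{
    size_t nstrips = ((size_t)s->image_length + s->rows_per_strip - 1) / s->rows_per_strip;
    return nstrips * BYTES_PER_STRIP_ENTRY;
}

/* Checked planner. Returns the allocation size, or 0 when the request is
   rejected: zero RowsPerStrip, more rows than the strip has bytes (every
   row is at least one byte), size_t overflow, or exceeding the budget. */
static size_t chop_alloc_size_checked(const StripInfo *s, size_t budget)
{
    size_t nstrips;
    if (s->rows_per_strip == 0)
        return 0;
    if (s->image_length > s->strip_bytecount)
        return 0;                               /* tags contradict each other */
    nstrips = ((size_t)s->image_length + s->rows_per_strip - 1) / s->rows_per_strip;
    if (nstrips == 0)
        return 0;
    if (nstrips > SIZE_MAX / BYTES_PER_STRIP_ENTRY)
        return 0;                               /* multiplication would wrap */
    if (nstrips * BYTES_PER_STRIP_ENTRY > budget)
        return 0;                               /* over the per-open budget */
    return nstrips * BYTES_PER_STRIP_ENTRY;
}

/* Allocates the bookkeeping arrays only when the checked planner approves. */
static void *chop_alloc(const StripInfo *s, size_t budget)
{
    size_t bytes = chop_alloc_size_checked(s, budget);
    return bytes ? calloc(1, bytes) : NULL;
}

int main(void)
{
    printf("small image:  unchecked %zu bytes, checked %zu bytes\n",
           chop_alloc_size_unchecked(&kSmallImage),
           chop_alloc_size_checked(&kSmallImage, ALLOC_BUDGET_BYTES));
    printf("huge length:  unchecked %zu bytes, checked %zu bytes\n",
           chop_alloc_size_unchecked(&kHugeLength),
           chop_alloc_size_checked(&kHugeLength, ALLOC_BUDGET_BYTES));
    return 0;
}
```

The consistency check between ImageLength and the strip's byte count rejects the crafted file before any size arithmetic; the overflow and budget checks are the general guard for any file-controlled count that feeds an allocator.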
linux — linux_kernel
 
The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet. 2017-07-25 not yet calculated CVE-2017-7541
CONFIRM
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. 2017-07-24 not yet calculated CVE-2017-11600
MISC
locationvalue — restaurant_karaoke_shidax
 
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. 2017-07-25 not yet calculated CVE-2015-0904
JVN
JVNDB
loomio — loomio
 
Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment. 2017-07-23 not yet calculated CVE-2017-11594
CONFIRM
CONFIRM
CONFIRM
medhost — connex
 
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account. 2017-07-25 not yet calculated CVE-2017-11614
MISC
medhost — medhost
 
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents. 2017-07-28 not yet calculated CVE-2017-11694
MISC
medhost — medhost
 
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System. 2017-07-28 not yet calculated CVE-2017-11693
MISC
mediacoder — mediacoder
 
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. 2017-07-27 not yet calculated CVE-2017-8869
EXPLOIT-DB
mediawiki — mediawiki
 
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer’s credentials by leveraging knowledge of the credentials. 2017-07-25 not yet calculated CVE-2015-8009
MLIST
CONFIRM
metinfo — metinfo
 
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. 2017-07-28 not yet calculated CVE-2017-11715
MISC
metinfo — metinfo
 
MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. 2017-07-28 not yet calculated CVE-2017-11716
MISC
metinfo — metinfo
 
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. 2017-07-28 not yet calculated CVE-2017-11718
MISC
metinfo — metinfo
 
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. 2017-07-28 not yet calculated CVE-2017-11717
MISC
ming — ming
 
A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 2017-07-28 not yet calculated CVE-2017-11705
MISC
MISC
ming — ming
 
A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 2017-07-28 not yet calculated CVE-2017-11703
MISC
MISC
ming — ming
 
A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 2017-07-28 not yet calculated CVE-2017-11704
MISC
MISC
mod_http2 — mod_http2
 
A maliciously constructed HTTP/2 request could cause mod_http2 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. 2017-07-26 not yet calculated CVE-2017-7659
BID
SECTRACK
MLIST
mpg123 — mpg123
 
The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. 2017-07-27 not yet calculated CVE-2017-9545
MISC
netapp — oncommand_api_services
 
NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors. 2017-07-25 not yet calculated CVE-2017-8919
BID
CONFIRM
netcomm — wireless_routers
 
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. 2017-07-28 not yet calculated CVE-2017-11645
MISC
netcomm — wireless_routers
 
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation. 2017-07-28 not yet calculated CVE-2017-11647
MISC
netcomm — wireless_routers
 
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They do not contain any token that can mitigate CSRF vulnerabilities within the device. 2017-07-28 not yet calculated CVE-2017-11646
MISC
nexusphp — nexusphp
 
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. 2017-07-26 not yet calculated CVE-2017-11651
MISC
node.js — node.js
 
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 were susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default which caused the initially randomized seed to be overwritten on startup. 2017-07-25 not yet calculated CVE-2017-11499
CONFIRM
nss_compat_ossl — nss_compat_ossl
 
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors. 2017-07-25 not yet calculated CVE-2015-3278
CONFIRM
ntp — ntp
 
The “pidfile” or “driftfile” directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allow remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password, to write to arbitrary files via the :config command. 2017-07-24 not yet calculated CVE-2015-7703
CONFIRM
BID
CONFIRM
GENTOO
ntp — ntp
 
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). 2017-07-21 not yet calculated CVE-2015-5300
CONFIRM
FEDORA
FEDORA
FEDORA
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
REDHAT
MLIST
CONFIRM
CONFIRM
DEBIAN
CONFIRM
BID
SECTRACK
UBUNTU
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
FREEBSD
CONFIRM
CONFIRM
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. 2017-07-28 not yet calculated CVE-2017-6260
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6251
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6257
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6252
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, which may lead to denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6253
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6255
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and is used as the index to an array, which may lead to denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6256
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service. 2017-07-28 not yet calculated CVE-2017-6259
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation, which may lead to denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6254
CONFIRM
openjdk8 — openjdk8
 
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. 2017-07-25 not yet calculated CVE-2015-3149
REDHAT
BID
CONFIRM
openpgp.js — openpgp.js
 
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. 2017-07-25 not yet calculated CVE-2015-8013
MLIST
BID
CONFIRM
openproject — openproject
 
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. 2017-07-26 not yet calculated CVE-2017-11667
CONFIRM
CONFIRM
CONFIRM
oxide-qt — oxide-qt
 
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website. 2017-07-25 not yet calculated CVE-2015-1332
CONFIRM
BID
UBUNTU
CONFIRM
panda_security — kernel_memory_access_driver
 
Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. 2017-07-25 not yet calculated CVE-2015-1438
MISC
FULLDISC
FULLDISC
BID
MISC
php — php
 
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system’s php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. 2017-07-25 not yet calculated CVE-2017-11628
MISC
MISC
BID
MISC
qemu — qemu
 
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. 2017-07-25 not yet calculated CVE-2017-11434
MLIST
BID
CONFIRM
MLIST
qpdf — qpdf
 
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an “infinite loop.” 2017-07-25 not yet calculated CVE-2017-11624
MISC
MISC
qpdf — qpdf
 
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an “infinite loop.” 2017-07-25 not yet calculated CVE-2017-11626
MISC
MISC
qpdf — qpdf
 
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an “infinite loop.” 2017-07-25 not yet calculated CVE-2017-11625
MISC
MISC
qpdf — qpdf
 
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an “infinite loop.” 2017-07-25 not yet calculated CVE-2017-11627
MISC
MISC
quick_emulator — quick_emulator
 
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. 2017-07-25 not yet calculated CVE-2017-7980
UBUNTU
MLIST
BID
CONFIRM
GENTOO
redhat — arts_and_kdelibs
 
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. 2017-07-25 not yet calculated CVE-2015-7543
CONFIRM
resiprocate — resiprocate
 
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. 2017-07-22 not yet calculated CVE-2017-11521
CONFIRM
rsyslog — rsyslog
 
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. 2017-07-25 not yet calculated CVE-2015-3243
MLIST
MLIST
BID
SECTRACK
CONFIRM
sap — netweaver
 
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249. 2017-07-25 not yet calculated CVE-2017-11457
MISC
sap — netweaver
 
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. 2017-07-25 not yet calculated CVE-2017-11458
MISC
sap — trex
 
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. 2017-07-25 not yet calculated CVE-2017-11459
MISC
sendio — sendio
 
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL. 2017-07-27 not yet calculated CVE-2016-10399
CONFIRM
simplerisk — simplerisk
 
In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. 2017-07-24 not yet calculated CVE-2017-10711
MISC
MISC
sipcrack — sipcrack
 
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic. 2017-07-26 not yet calculated CVE-2017-11654
MISC
sipcrack — sipcrack
 
A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. 2017-07-26 not yet calculated CVE-2017-11655
MISC
soundtouch — soundtouch
 
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9258
MISC
soundtouch — soundtouch
 
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9260
MISC
soundtouch — soundtouch
 
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9259
MISC
statamic — statamic_framework
 
Statamic framework before 2.6.0 does not correctly check a session’s permissions when the methods from a user’s class are called. Problematic methods include reset password, create new account, create new role, etc. 2017-07-24 not yet calculated CVE-2017-11422
MISC
synology — synology_diskstation_manager
 
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. 2017-07-24 not yet calculated CVE-2017-9554
CONFIRM
synology — synology_diskstation_manager
 
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. 2017-07-24 not yet calculated CVE-2017-9553
CONFIRM
tilde — tilde
 
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. 2017-07-24 not yet calculated CVE-2017-11325
MISC
vmware — vcenter_server
 
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. 2017-07-28 not yet calculated CVE-2017-4919
CONFIRM
waves — maxxaudio
 
Waves MaxxAudio, as installed on Dell laptops, adds a “WavesSysSvc” Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. 2017-07-26 not yet calculated CVE-2017-6005
MISC
wg-c10 — wg-c10
 
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2277
MISC
JVN
wildfly — wildfly
 
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a “/” at the end of a URL. 2017-07-21 not yet calculated CVE-2015-3198
CONFIRM
MISC
CONFIRM
MISC
wmr-433 — wmr-433
 
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2273
CONFIRM
JVN
wordpress — wordpress
 
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) — however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00…/.%00…/ attack. 2017-07-26 not yet calculated CVE-2017-11658
MISC
MISC
wube — factorio
 
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library. 2017-07-26 not yet calculated CVE-2017-11615
MISC
zencart — zencart
 
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. 2017-07-27 not yet calculated CVE-2017-11675
MISC
zenphoto — zenphoto
 
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string. 2017-07-25 not yet calculated CVE-2015-5594
MISC
MLIST
CONFIRM
MISC
zoho — manageengine_event_log_analyzer
 
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user’s password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. 2017-07-27 not yet calculated CVE-2017-11686
MISC
zoho — manageengine_event_log_analyzer
 
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. 2017-07-27 not yet calculated CVE-2017-11685
MISC
zoho — manageengine_event_log_analyzer Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. 2017-07-27 not yet calculated CVE-2017-11687
MISC
zyxel — zyxel ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices). 2017-07-25 not yet calculated CVE-2016-10401
MISC



This product is provided subject to this Notification and this Privacy & Use policy.

SB17-212: Vulnerability Summary for the Week of July 24, 2017

Original release date: July 31, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
appsec-labs — appsec_labs AppUse 4.0 allows shell command injection via a proxy field. 2017-07-25 7.2 CVE-2017-11566
MISC
buffalo — wapm-1166d_firmware WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. 2017-07-21 10.0 CVE-2017-2126
CONFIRM
JVN
finecms — finecms dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php. 2017-07-23 7.5 CVE-2017-11582
MISC
finecms — finecms dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php. 2017-07-23 7.5 CVE-2017-11583
MISC
finecms — finecms dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php. 2017-07-23 7.5 CVE-2017-11584
MISC
finecms — finecms dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. 2017-07-23 7.5 CVE-2017-11585
MISC
fortinet — fortiwlm A hard-coded account named ‘upgrade’ in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with ‘upgrade’ account privileges. 2017-07-22 7.5 CVE-2017-7336
BID
CONFIRM
geutebrueck — gcore Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. 2017-07-21 7.5 CVE-2017-11517
EXPLOIT-DB
greenpacket — dx-350_firmware Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account. 2017-07-21 7.5 CVE-2017-9932
MISC
greenpacket — dx-350_firmware In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the “PING” (aka tag_ipPing) feature within the web interface allows performing command injection, via the “pip” parameter. 2017-07-21 7.5 CVE-2017-9980
MISC
imagemagick — imagemagick Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. 2017-07-25 7.8 CVE-2016-7539
CONFIRM
MLIST
BID
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file. 2017-07-21 7.1 CVE-2017-11505
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. 2017-07-22 7.1 CVE-2017-11523
CONFIRM
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-07-22 7.1 CVE-2017-11525
BID
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file. 2017-07-22 7.1 CVE-2017-11526
BID
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-07-22 7.1 CVE-2017-11527
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. 2017-07-22 7.1 CVE-2017-11530
CONFIRM
CONFIRM
inmarsat — amosconnect_8 Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager. 2017-07-22 10.0 CVE-2017-3222
BID
CERT-VN
libinfinity_project — libinfinity libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. 2017-07-21 7.5 CVE-2015-3886
MLIST
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rootkit_hunter_project — rkhunter rkhunter versions before 1.4.4 are vulnerable to file download over an insecure channel when doing a mirror update, resulting in potential remote code execution. 2017-07-21 7.5 CVE-2017-7480
MLIST
sony — wg-c10_firmware WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. 2017-07-21 9.0 CVE-2017-2275
MISC
JVN
sony — wg-c10_firmware Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. 2017-07-21 9.0 CVE-2017-2276
MISC
JVN
tcpdump — tcpdump tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c. 2017-07-22 7.5 CVE-2017-11541
BID
MISC
tcpdump — tcpdump tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c. 2017-07-22 7.5 CVE-2017-11542
BID
MISC
tcpdump — tcpdump tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c. 2017-07-22 7.5 CVE-2017-11543
BID
MISC
tilde_cms_project — tilde_cms An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. 2017-07-24 7.5 CVE-2017-11324
MISC


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ansible — ansible Ansible versions 2.2.3 and earlier are vulnerable to an information disclosure flaw due to the interaction of callback plugins and the no_log directive, where the information may not be sanitized properly. 2017-07-21 5.0 CVE-2017-7473
MISC
atmail — atmail Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes. 2017-07-25 4.3 CVE-2017-11617
MISC
MISC
atutor — atutor Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack. 2017-07-22 5.0 CVE-2016-10400
MISC
MISC
buffalotech — wmr-433w_firmware Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 2017-07-21 4.3 CVE-2017-2274
CONFIRM
JVN
canonical — ubuntu_linux The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions. 2017-07-21 4.9 CVE-2015-1323
BID
UBUNTU
cisco — prime_collaboration_provisioning A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. 2017-07-25 4.3 CVE-2017-6755
BID
SECTRACK
CONFIRM
contao — contao_cms Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. 2017-07-21 6.5 CVE-2017-10993
CONFIRM
cygwin — cygwin Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to a buffer overflow in the wcsxfrm/wcsxfrm_l functions, resulting in denial of service by crashing the process or potential hijack of a process running with administrative privileges, triggered by a specially crafted input string. 2017-07-21 5.0 CVE-2017-7523
MISC
ektron — ektron_content_management_system Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. 2017-07-25 4.3 CVE-2016-6133
BUGTRAQ
eshop_project — eshop The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the “eshopcart” HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. 2017-07-21 4.3 CVE-2015-3421
BID
MISC
exiv2 — exiv2 There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. 2017-07-22 5.0 CVE-2017-11553
MISC
exiv2 — exiv2 There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. 2017-07-23 5.0 CVE-2017-11591
MISC
exiv2 — exiv2 There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. 2017-07-23 5.0 CVE-2017-11592
MISC
fedoraproject — fedora The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. 2017-07-21 5.0 CVE-2015-5194
CONFIRM
FEDORA
FEDORA
SUSE
SUSE
SUSE
REDHAT
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
fedoraproject — fedora ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. 2017-07-21 5.0 CVE-2015-5195
FEDORA
FEDORA
FEDORA
REDHAT
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
fedoraproject — fedora The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. 2017-07-21 5.0 CVE-2015-5219
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
SUSE
SUSE
REDHAT
REDHAT
DEBIAN
MLIST
BID
UBUNTU
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
fedoraproject — fedora Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. 2017-07-25 4.3 CVE-2015-5221
SUSE
SUSE
SUSE
MLIST
REDHAT
CONFIRM
CONFIRM
FEDORA
FEDORA
FEDORA
finecms — finecms dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a ‘<‘ character. 2017-07-23 4.3 CVE-2017-11581
MISC
finecms — finecms dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. 2017-07-23 5.8 CVE-2017-11586
MISC
fontforge — fontforge FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file. 2017-07-23 6.8 CVE-2017-11569
MISC
fontforge_project — fontforge FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file. 2017-07-23 6.8 CVE-2017-11568
MISC
fontforge_project — fontforge FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file. 2017-07-23 6.8 CVE-2017-11570
MISC
fontforge_project — fontforge FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file. 2017-07-23 6.8 CVE-2017-11571
MISC
fontforge_project — fontforge FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file. 2017-07-23 6.8 CVE-2017-11572
MISC
fontforge_project — fontforge FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file. 2017-07-23 6.8 CVE-2017-11573
MISC
fontforge_project — fontforge FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file. 2017-07-23 6.8 CVE-2017-11574
MISC
fontforge_project — fontforge FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parsettf.c. 2017-07-23 6.8 CVE-2017-11575
MISC
fontforge_project — fontforge FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file. 2017-07-23 4.3 CVE-2017-11576
MISC
fontforge_project — fontforge FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file. 2017-07-23 6.8 CVE-2017-11577
MISC
gnome — libgxps There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack. 2017-07-23 4.3 CVE-2017-11590
MISC
greenpacket — dx-350_firmware Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. 2017-07-21 6.8 CVE-2017-9930
MISC
greenpacket — dx-350_firmware Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. 2017-07-21 4.3 CVE-2017-9931
MISC
ibm — rhapsody_design_manager IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. 2017-07-24 4.9 CVE-2017-1287
CONFIRM
MISC
ibm — security_guardium IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. 2017-07-21 5.0 CVE-2017-1267
CONFIRM
BID
MISC
ibm — tririga_application_platform Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864. 2017-07-21 6.5 CVE-2017-1371
CONFIRM
MISC
ibm — tririga_application_platform Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866. 2017-07-21 6.5 CVE-2017-1373
CONFIRM
BID
MISC
ibm — tririga_application_platform Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867. 2017-07-21 4.0 CVE-2017-1374
CONFIRM
MISC
imagemagick — imagemagick The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. 2017-07-22 4.3 CVE-2017-11522
CONFIRM
CONFIRM
CONFIRM
imagemagick — imagemagick The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. 2017-07-22 4.3 CVE-2017-11524
BID
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. 2017-07-22 4.3 CVE-2017-11528
CONFIRM
CONFIRM
imagemagick — imagemagick The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file. 2017-07-22 4.3 CVE-2017-11529
CONFIRM
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteMPCImage() function in coders/mpc.c. 2017-07-22 4.3 CVE-2017-11532
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c. 2017-07-22 4.3 CVE-2017-11533
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c. 2017-07-22 4.3 CVE-2017-11534
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c. 2017-07-22 4.3 CVE-2017-11535
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c. 2017-07-22 4.3 CVE-2017-11536
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Floating Point Exception (FPE) in the WritePALMImage() function in coders/palm.c, related to an incorrect bits-per-pixel calculation. 2017-07-22 4.3 CVE-2017-11537
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c. 2017-07-22 4.3 CVE-2017-11538
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c. 2017-07-22 4.3 CVE-2017-11539
BID
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c. 2017-07-22 4.3 CVE-2017-11540
BID
CONFIRM
inmarsat — amosconnect_8 Blind SQL injection in the AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. 2017-07-22 5.0 CVE-2017-3221
BID
CERT-VN
libexpat_project — libexpat XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. 2017-07-25 5.0 CVE-2017-9233
MLIST
BID
CONFIRM
CONFIRM
libsass — libsass There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. 2017-07-22 5.0 CVE-2017-11554
MISC
MISC
libsass — libsass There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. 2017-07-22 5.0 CVE-2017-11555
MISC
libsass — libsass There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. 2017-07-22 5.0 CVE-2017-11556
MISC
libsass — libsass There is a heap based buffer over-read in LibSass 3.4.5, related to address 0xb4803ea1. A crafted input will lead to a remote denial of service attack. 2017-07-24 4.3 CVE-2017-11605
BID
MISC
libsass — libsass There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. 2017-07-24 4.3 CVE-2017-11608
MISC
linux — linux_kernel The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. 2017-07-21 4.9 CVE-2017-7542
CONFIRM
BID
CONFIRM
microsec — e-szigno Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. 2017-07-21 6.8 CVE-2015-3931
MISC
MISC
BID
MISC
MISC
MISC
netlock — mokka Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. 2017-07-21 6.8 CVE-2015-3932
MISC
MISC
BID
MISC
MISC
phpmybackuppro — phpmybackuppro phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. 2017-07-21 6.5 CVE-2015-3638
MLIST
MLIST
SECTRACK
phpmybackuppro — phpmybackuppro phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. 2017-07-21 6.5 CVE-2015-3639
MLIST
MLIST
SECTRACK
phpmybackuppro — phpmybackuppro phpMyBackupPro 2.5 and earlier does not properly escape the “.” character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. 2017-07-21 6.0 CVE-2015-3640
MLIST
SECTRACK
sap — netweaver_portal Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. 2017-07-25 4.3 CVE-2017-11460
BID
MISC
subsonic — subsonic Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks. 2017-07-25 6.8 CVE-2017-9413
MISC
EXPLOIT-DB
subsonic — subsonic Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view. 2017-07-21 5.1 CVE-2017-9415
EXPLOIT-DB
tcpdump — tcpdump tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:229:3. 2017-07-22 5.0 CVE-2017-11544
BID
MISC
tcpdump — tcpdump tcpdump 4.9.0 has a Segmentation Violation in the compressed_sl_print function in print-sl.c:253:34. 2017-07-22 5.0 CVE-2017-11545
BID
MISC
tilde_cms_project — tilde_cms An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. 2017-07-24 5.0 CVE-2017-11326
MISC
tilde_cms_project — tilde_cms An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload. 2017-07-24 4.0 CVE-2017-11327
MISC
tp-link — archer_c9_(2.0)_firmware passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. 2017-07-21 5.0 CVE-2017-11519
MISC
MISC
tukaani — xz scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name. 2017-07-25 4.6 CVE-2015-4035
MLIST
MLIST
CONFIRM
CONFIRM
yiiframework — yii An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. 2017-07-21 4.3 CVE-2017-11516
CONFIRM
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
ibm — emptoris_strategic_supply_management IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118356. 2017-07-24 3.5 CVE-2016-6118
CONFIRM
BID
MISC
ibm — rational_software_architect_design_manager IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124580. 2017-07-24 3.5 CVE-2017-1245
CONFIRM
MISC
ibm — rhapsody_design_manager IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118912. 2017-07-24 3.5 CVE-2016-8975
CONFIRM
MISC
ibm — rhapsody_design_manager IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2017-07-24 3.5 CVE-2017-1249
CONFIRM
MISC
ibm — tririga_application_platform IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865. 2017-07-21 3.5 CVE-2017-1372
CONFIRM
MISC
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127151. 2017-07-24 3.5 CVE-2017-1380
CONFIRM
BID
SECTRACK
MISC
ibm — websphere_application_server IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152. 2017-07-21 2.1 CVE-2017-1381
CONFIRM
BID
MISC
ibm — websphere_application_server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. IBM X-Force ID: 127153. 2017-07-24 3.6 CVE-2017-1382
CONFIRM
BID
SECTRACK
MISC
selinux_project — selinux selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. 2017-07-21 2.1 CVE-2015-3170
CONFIRM
sos_project — sos sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive. 2017-07-25 2.1 CVE-2015-3171
CONFIRM
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
acunetix — acunetix Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a “User Mode Write AV starting at reporter!madTraceProcess.” 2017-07-27 not yet calculated CVE-2017-11673
MISC
acunetix — acunetix Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a “Read Access Violation starting at reporter!madTraceProcess.” 2017-07-27 not yet calculated CVE-2017-11674
MISC
airlink101 — skyipcam1620w_wireless_n_mpeg4_3gpp_network_camera snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter. 2017-07-24 not yet calculated CVE-2015-2280
MISC
FULLDISC
BUGTRAQ
BID
MISC
EXPLOIT-DB
airlive — multiple_products cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an “&” (ampersand) in the write_mac write_pid, write_msn, write_tan, or write_hdv parameter. 2017-07-24 not yet calculated CVE-2015-2279
MISC
FULLDISC
BUGTRAQ
BID
MISC
EXPLOIT-DB
apache — activemq_artemis XML external entity (XXE) vulnerability in the XPath selector component in Artemis ActiveMQ before commit 48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to have unspecified impact via unknown vectors. 2017-07-25 not yet calculated CVE-2015-3208
MLIST
BID
CONFIRM
CONFIRM
apache — http_server ———————————————————————- WARNING – CVE-2016-0736 was assigned by redhat, not apache! Description from apache : In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. 2017-07-27 not yet calculated CVE-2016-0736
MISC
apache — http_server ———————————————————————- WARNING – CVE-2016-2161 was assigned by redhat, not apache! Description from apache : In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. 2017-07-27 not yet calculated CVE-2016-2161
MISC
apache — http_server ———————————————————————- WARNING – a refinement exists for CVE-2016-8743 : theall/20170425-084430 (delay queue)! Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. 2017-07-27 not yet calculated CVE-2016-8743
MISC
appserver — appserver Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. 2017-07-24 not yet calculated CVE-2015-1847
CONFIRM
artifex — artifex_ghostscript psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document, related to an out-of-bounds read in the igc_reloc_struct_ptr function in psi/igc.c. 2017-07-28 not yet calculated CVE-2017-11714
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9611
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function. 2017-07-26 not yet calculated CVE-2017-9620
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file. 2017-07-26 not yet calculated CVE-2017-9619
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9618
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9740
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9727
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9612
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9739
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9610
CONFIRM
CONFIRM
artifex — artifex_ghostscript_ghostxps The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.22 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document. 2017-07-26 not yet calculated CVE-2017-9726
CONFIRM
CONFIRM
artifex — artifex_ghostscript The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.22 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. 2017-07-26 not yet calculated CVE-2017-9835
CONFIRM
CONFIRM
audiocoder — audiocoder Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file. 2017-07-27 not yet calculated CVE-2017-8870
EXPLOIT-DB
avira — avira_antivirus Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer overflow and heap-based buffer underflow. 2017-07-27 not yet calculated CVE-2016-10402
MISC
cacti — cacti Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. 2017-07-27 not yet calculated CVE-2017-11691
CONFIRM
CONFIRM
candlepin — candlepin Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic. 2017-07-25 not yet calculated CVE-2015-5187
CONFIRM
cisco — asr_5000_series_aggregation_services_routers A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to bypass ACL rules that have been configured for an affected device. More Information: CSCvb99022 CSCvc16964 CSCvc37351 CSCvc54843 CSCvc63444 CSCvc77815 CSCvc88658 CSCve08955 CSCve14141 CSCve33870. 2017-07-25 not yet calculated CVE-2017-6672
BID
SECTRACK
CONFIRM

cisco — asr_5000_series_aggregation_services_routers A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5000 Series Aggregation Services Routers 17.3.9.62033 through 21.1.2 could allow an unauthenticated, remote attacker to redirect HTTP traffic sent to an affected device. More Information: CSCvc67927. 2017-07-25 not yet calculated CVE-2017-6612
BID
SECTRACK
CONFIRM
cisco — cloud_web_security Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. 2017-07-25 not yet calculated CVE-2015-0674
CISCO
cisco — residential_gateway On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is remote command execution via shell metacharacters in the pingAddr parameter to the waitPingqry.cgi URI. The command output is visible at /PingMsg.cmd. 2017-07-23 not yet calculated CVE-2017-11588
MISC
BID
cisco — residential_gateway On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd. 2017-07-23 not yet calculated CVE-2017-11589
MISC
cisco — residential_gateway On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI. 2017-07-23 not yet calculated CVE-2017-11587
MISC
cisco — web_security_appliance A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated, remote attacker to authenticate to certain areas of the web GUI, aka a Static Credentials Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCve06124. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270. 2017-07-25 not yet calculated CVE-2017-6750
BID
SECTRACK
CONFIRM
cisco — web_security_appliance A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485. 2017-07-25 not yet calculated CVE-2017-6751
BID
SECTRACK
CONFIRM
cisco — web_security_appliance A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235. 2017-07-25 not yet calculated CVE-2017-6746
BID
SECTRACK
CONFIRM
cisco — web_security_appliance A vulnerability in the CLI parser of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid operator-level or administrator-level credentials. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88855. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-234. 2017-07-25 not yet calculated CVE-2017-6748
BID
SECTRACK
CONFIRM
cisco — web_security_appliance A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88865. Known Affected Releases: 10.1.0-204. 2017-07-25 not yet calculated CVE-2017-6749
BID
SECTRACK
CONFIRM
cisco — webex A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037. 2017-07-25 not yet calculated CVE-2017-6753
BID
SECTRACK
SECTRACK
SECTRACK
CONFIRM
cloud_foundry — capi_release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. 2017-07-24 not yet calculated CVE-2017-8036
CONFIRM
cloud_foundry — capi_release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. 2017-07-25 not yet calculated CVE-2017-8033
CONFIRM
cloud_foundry — capi_release An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation. 2017-07-25 not yet calculated CVE-2017-8035
CONFIRM
dayrui — dayrui dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request. 2017-07-26 not yet calculated CVE-2017-11629
MISC
debian — tor debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script). 2017-07-23 not yet calculated CVE-2017-11565
BID
CONFIRM
efront — efront Unrestricted file upload vulnerability in eFront CMS before 3.6.15.5 allows remote authenticated users to execute arbitrary code by uploading a file from a local URL, then accessing it via a direct request to the file in www/content/lessons/”lesson number”/”directory name”. 2017-07-25 not yet calculated CVE-2015-4462
CONFIRM
MISC
efront — efront Unrestricted file upload vulnerability in eFront CMS before 3.6.15.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension prepended to a crafted parameter, then accessing it via a direct request to the file in www/content/lessons/”lesson number”/”directory name”. 2017-07-25 not yet calculated CVE-2015-4463
CONFIRM
MISC
exiv2 — exiv2 There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. 2017-07-27 not yet calculated CVE-2017-11683
MISC
ffmpeg — ffmpeg The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file. 2017-07-28 not yet calculated CVE-2017-11719
CONFIRM
ffmpeg — ffmpeg The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream. 2017-07-27 not yet calculated CVE-2017-11665
MISC
fiyo — fiyo dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. 2017-07-26 not yet calculated CVE-2017-11631
MISC
fiyo — fiyo dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853. 2017-07-26 not yet calculated CVE-2017-11630
MISC
foreman — foreman rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation. 2017-07-21 not yet calculated CVE-2017-7540
MISC
freebsd — freebsd The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections. 2017-07-25 not yet calculated CVE-2015-1417
BID
SECTRACK
FREEBSD
glpi — glpi SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. 2017-07-28 not yet calculated CVE-2017-11184
CONFIRM
CONFIRM
glpi — glpi front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter. 2017-07-28 not yet calculated CVE-2017-11183
CONFIRM
CONFIRM
gnu — gnu_compiler_collection Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. 2017-07-26 not yet calculated CVE-2017-11671
CONFIRM
CONFIRM
CONFIRM
google — chrome Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst files that are designed to be viewed in the browser as plain text, but that will be converted to HTML without proper sanitization. 2017-07-23 not yet calculated CVE-2017-11593
CONFIRM
CONFIRM
google — android The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was “At the moment that is an accepted risk. We only have https on the checkout part of the site.” 2017-07-28 not yet calculated CVE-2017-11706
MISC
MISC
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11638. 2017-07-26 not yet calculated CVE-2017-11642
CONFIRM
graphicsmagick — graphicsmagick The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program’s actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop’s exit condition. 2017-07-28 not yet calculated CVE-2017-11722
MISC
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths. 2017-07-26 not yet calculated CVE-2017-11636
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() function in coders/cmyk.c when processing multiple frames that have non-identical widths. 2017-07-26 not yet calculated CVE-2017-11643
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in magick/pixel_cache.c during writing of Magick Persistent Cache (MPC) files. 2017-07-26 not yet calculated CVE-2017-11641
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642. 2017-07-26 not yet calculated CVE-2017-11638
CONFIRM
graphicsmagick — graphicsmagick GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLImage() function in coders/pcl.c during writes of monochrome images. 2017-07-26 not yet calculated CVE-2017-11637
CONFIRM
hangul — hangul hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a “type confusion” via an HWPX file containing a crafted para text tag. 2017-07-25 not yet calculated CVE-2015-6585
CONFIRM
BID
CONFIRM
CONFIRM
hashtopus — hashtopus SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. 2017-07-27 not yet calculated CVE-2017-11678
MISC
hashtopus — hashtopus Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php. 2017-07-27 not yet calculated CVE-2017-11677
MISC
hashtopus — hashtopus Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action. 2017-07-27 not yet calculated CVE-2017-11679
MISC
hashtopussy — hashtopussy Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php. 2017-07-27 not yet calculated CVE-2017-11681
MISC
hashtopussy — hashtopussy Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php. 2017-07-27 not yet calculated CVE-2017-11680
MISC
hashtopussy — hashtopussy Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php. 2017-07-27 not yet calculated CVE-2017-11682
MISC
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. 2017-07-26 not yet calculated CVE-2017-11640
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c, related to the GetPixelLuma function in MagickCore/pixel-accessor.h. 2017-07-26 not yet calculated CVE-2017-11639
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c. 2017-07-22 not yet calculated CVE-2017-11531
CONFIRM
imagemagick — imagemagick When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadMATImage() function in coders/mat.c. 2017-07-26 not yet calculated CVE-2017-11644
CONFIRM
intel — intel_processors Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state. 2017-07-26 not yet calculated CVE-2017-5691
CONFIRM
intense_pc — phoenix_securecore_uefi Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS. 2017-07-25 not yet calculated CVE-2017-9457
MISC
MISC
joomla — joomla! In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. 2017-07-26 not yet calculated CVE-2017-11612
CONFIRM
joomla — joomla! SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. 2017-07-25 not yet calculated CVE-2015-2798
BID
EXPLOIT-DB
koha — koha Multiple cross-site request forgery (CSRF) vulnerabilities in Koha Libraries 3.20.x before 3.20.1, 3.14.x before 3.14.16, 3.16.x before 3.16.12 allow remote attackers to (1) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via the addshelf parameter to opac-shelves.pl, (2) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that inject arbitrary web script or HTML via an unspecified list name parameter to opac-addbybiblionumber.pl, (3) hijack the authentication of library administrator users for requests that execute arbitrary web script or HTML via virtualshelves/shelves.pl when a shelf name contains web script or HTML, or (4) hijack the authentication of users with access to the OPAC interface and who have permissions to create public lists for requests that execute arbitrary web script or HTML by adding a biblio to a list whose name contains web script or HTML. 2017-07-21 not yet calculated CVE-2015-4639
CONFIRM
kopano — kopano Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file. 2017-07-26 not yet calculated CVE-2017-11666
CONFIRM
lame — lame The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9411
MISC
lame — lame The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9412
MISC
lame — lame The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9410
MISC
lame — lame There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. 2017-07-28 not yet calculated CVE-2017-11720
MISC
libav — libav There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. 2017-07-27 not yet calculated CVE-2017-11684
MISC
libdeploypkg — libdeploypkg VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. 2017-07-28 not yet calculated CVE-2015-5191
CONFIRM
libjpeg-turbo — libjpeg-turbo The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. 2017-07-27 not yet calculated CVE-2017-9614
MISC
libtiff — libtiff In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer. 2017-07-26 not yet calculated CVE-2017-11613
MISC
linux — linux_kernel
 
The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet. 2017-07-25 not yet calculated CVE-2017-7541
CONFIRM
CONFIRM
CONFIRM
BID
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
linux — linux_kernel
 
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. 2017-07-24 not yet calculated CVE-2017-11600
MISC
locationvalue — restaurant_karaoke_shidax
 
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. 2017-07-25 not yet calculated CVE-2015-0904
JVN
JVNDB
loomio — loomio
 
Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment. 2017-07-23 not yet calculated CVE-2017-11594
CONFIRM
CONFIRM
CONFIRM
medhost — connex
 
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilizes an IBM i DB2 user account for database access. The account name is HMSCXPDN. Its password is hard-coded in multiple places in the application. Customers do not have the option to change this password. The account has elevated DB2 roles, and can access all objects or database tables on the customer DB2 database. This account can access data through ODBC, FTP, and TELNET. Customers without Connex installed are still vulnerable because the MEDHOST setup program creates this account. 2017-07-25 not yet calculated CVE-2017-11614
MISC
medhost — medhost
 
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents. 2017-07-28 not yet calculated CVE-2017-11694
MISC
medhost — medhost
 
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System. 2017-07-28 not yet calculated CVE-2017-11693
MISC
mediacoder — mediacoder
 
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file. 2017-07-27 not yet calculated CVE-2017-8869
EXPLOIT-DB
mediawiki — mediawiki
 
The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer’s credentials by leveraging knowledge of the credentials. 2017-07-25 not yet calculated CVE-2015-8009
MLIST
CONFIRM
metinfo — metinfo
 
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. 2017-07-28 not yet calculated CVE-2017-11715
MISC
metinfo — metinfo
 
MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. 2017-07-28 not yet calculated CVE-2017-11716
MISC
metinfo — metinfo
 
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. 2017-07-28 not yet calculated CVE-2017-11718
MISC
metinfo — metinfo
 
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page. 2017-07-28 not yet calculated CVE-2017-11717
MISC
ming — ming
 
A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 2017-07-28 not yet calculated CVE-2017-11705
MISC
MISC
ming — ming
 
A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 2017-07-28 not yet calculated CVE-2017-11703
MISC
MISC
ming — ming
 
A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 2017-07-28 not yet calculated CVE-2017-11704
MISC
MISC
mod_http2 — mod_http2
 
A maliciously constructed HTTP/2 request could cause mod_http2 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. 2017-07-26 not yet calculated CVE-2017-7659
BID
SECTRACK
MLIST
mpg123 — mpg123
 
The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file. 2017-07-27 not yet calculated CVE-2017-9545
MISC
netapp — oncommand_api_services
 
NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors. 2017-07-25 not yet calculated CVE-2017-8919
BID
CONFIRM
netcomm — wireless_routers
 
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. 2017-07-28 not yet calculated CVE-2017-11645
MISC
netcomm — wireless_routers
 
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation. 2017-07-28 not yet calculated CVE-2017-11647
MISC
netcomm — wireless_routers
 
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They do not contain any token that can mitigate CSRF vulnerabilities within the device. 2017-07-28 not yet calculated CVE-2017-11646
MISC
nexusphp — nexusphp
 
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. 2017-07-26 not yet calculated CVE-2017-11651
MISC
node.js — node.js
 
Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 were susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This was a result of building with V8 snapshots enabled by default, which caused the initially randomized seed to be overwritten on startup. 2017-07-25 not yet calculated CVE-2017-11499
CONFIRM
nss_compat_ossl — nss_compat_ossl
 
The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impact via unknown vectors. 2017-07-25 not yet calculated CVE-2015-3278
CONFIRM
ntp — ntp
 
The “pidfile” or “driftfile” directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allow remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password, to write to arbitrary files via the :config command. 2017-07-24 not yet calculated CVE-2015-7703
CONFIRM
BID
CONFIRM
GENTOO
ntp — ntp
 
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). 2017-07-21 not yet calculated CVE-2015-5300
CONFIRM
FEDORA
FEDORA
FEDORA
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
SUSE
REDHAT
MLIST
CONFIRM
CONFIRM
DEBIAN
CONFIRM
BID
SECTRACK
UBUNTU
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
FREEBSD
CONFIRM
CONFIRM
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. 2017-07-28 not yet calculated CVE-2017-6260
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6251
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6257
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6252
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, which may lead to denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6253
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6255
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6256
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service. 2017-07-28 not yet calculated CVE-2017-6259
CONFIRM
nvidia — windows_gpu_display_driver
 
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation, which may lead to denial of service or potential escalation of privileges. 2017-07-28 not yet calculated CVE-2017-6254
CONFIRM
openjdk8 — openjdk8
 
The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack. 2017-07-25 not yet calculated CVE-2015-3149
REDHAT
BID
CONFIRM
openpgp.js — openpgp.js
 
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. 2017-07-25 not yet calculated CVE-2015-8013
MLIST
BID
CONFIRM
openproject — openproject
 
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. 2017-07-26 not yet calculated CVE-2017-11667
CONFIRM
CONFIRM
CONFIRM
oxide-qt — oxide-qt
 
The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and Ubuntu 14.04 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted website. 2017-07-25 not yet calculated CVE-2015-1332
CONFIRM
BID
UBUNTU
CONFIRM
panda_security — kernel_memory_access_driver
 
Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers. 2017-07-25 not yet calculated CVE-2015-1438
MISC
FULLDISC
FULLDISC
BID
MISC
php — php
 
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system’s php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. 2017-07-25 not yet calculated CVE-2017-11628
MISC
MISC
BID
MISC
qemu — qemu
 
The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. 2017-07-25 not yet calculated CVE-2017-11434
MLIST
BID
CONFIRM
MLIST
qpdf — qpdf
 
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an “infinite loop.” 2017-07-25 not yet calculated CVE-2017-11624
MISC
MISC
qpdf — qpdf
 
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an “infinite loop.” 2017-07-25 not yet calculated CVE-2017-11626
MISC
MISC
qpdf — qpdf
 
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an “infinite loop.” 2017-07-25 not yet calculated CVE-2017-11625
MISC
MISC
qpdf — qpdf
 
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an “infinite loop.” 2017-07-25 not yet calculated CVE-2017-11627
MISC
MISC
quick_emulator — quick_emulator
 
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. 2017-07-25 not yet calculated CVE-2017-7980
UBUNTU
MLIST
BID
CONFIRM
GENTOO
redhat — arts_and_kdelibs
 
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. 2017-07-25 not yet calculated CVE-2015-7543
CONFIRM
resiprocate — resiprocate
 
The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections. 2017-07-22 not yet calculated CVE-2017-11521
CONFIRM
rsyslog — rsyslog
 
rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. 2017-07-25 not yet calculated CVE-2015-3243
MLIST
MLIST
BID
SECTRACK
CONFIRM
sap — netweaver
 
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249. 2017-07-25 not yet calculated CVE-2017-11457
MISC
sap — netweaver
 
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. 2017-07-25 not yet calculated CVE-2017-11458
MISC
sap — trex
 
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. 2017-07-25 not yet calculated CVE-2017-11459
MISC
sendio — sendio
 
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL. 2017-07-27 not yet calculated CVE-2016-10399
CONFIRM
simplerisk — simplerisk
 
In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter. 2017-07-24 not yet calculated CVE-2017-10711
MISC
MISC
sipcrack — sipcrack
 
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic. 2017-07-26 not yet calculated CVE-2017-11654
MISC
sipcrack — sipcrack
 
A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions. 2017-07-26 not yet calculated CVE-2017-11655
MISC
soundtouch — soundtouch
 
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9258
MISC
soundtouch — soundtouch
 
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9260
MISC
soundtouch — soundtouch
 
The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file. 2017-07-27 not yet calculated CVE-2017-9259
MISC
statamic — statamic_framework
 
Statamic framework before 2.6.0 does not correctly check a session’s permissions when the methods from a user’s class are called. Problematic methods include reset password, create new account, create new role, etc. 2017-07-24 not yet calculated CVE-2017-11422
MISC
synology — synology_diskstation_manager
 
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors. 2017-07-24 not yet calculated CVE-2017-9554
CONFIRM
synology — synology_diskstation_manager
 
A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. 2017-07-24 not yet calculated CVE-2017-9553
CONFIRM
tilde — tilde
 
An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. 2017-07-24 not yet calculated CVE-2017-11325
MISC
vmware — vcenter_server
 
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate. 2017-07-28 not yet calculated CVE-2017-4919
CONFIRM
waves — maxxaudio
 
Waves MaxxAudio, as installed on Dell laptops, adds a “WavesSysSvc” Windows service with File Version 1.1.6.0. This service has a vulnerability known as Unquoted Service Path. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. 2017-07-26 not yet calculated CVE-2017-6005
MISC
wg-c10 — wg-c10
 
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2277
MISC
JVN
wildfly — wildfly
 
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a “/” at the end of a URL. 2017-07-21 not yet calculated CVE-2015-3198
CONFIRM
MISC
CONFIRM
MISC
wmr-433 — wmr-433
 
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2017-07-21 not yet calculated CVE-2017-2273
CONFIRM
JVN
wordpress — wordpress
 
In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) — however, this is insufficient to stop remote attacks and can be bypassed by using 0x00 bytes, as demonstrated by a .%00…/.%00…/ attack. 2017-07-26 not yet calculated CVE-2017-11658
MISC
MISC
wube — factorio
 
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library. 2017-07-26 not yet calculated CVE-2017-11615
MISC
zencart — zencart
 
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. 2017-07-27 not yet calculated CVE-2017-11675
MISC
zenphoto — zenphoto
 
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string. 2017-07-25 not yet calculated CVE-2015-5594
MISC
MLIST
CONFIRM
MISC
zoho — manageengine_event_log_analyzer
 
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user’s password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. 2017-07-27 not yet calculated CVE-2017-11686
MISC
zoho — manageengine_event_log_analyzer
 
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. 2017-07-27 not yet calculated CVE-2017-11685
MISC
zoho — manageengine_event_log_analyzer
 
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. 2017-07-27 not yet calculated CVE-2017-11687
MISC
zyxel — zyxel
 
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices). 2017-07-25 not yet calculated CVE-2016-10401
MISC

Space Flight Ionizing Radiation Environments

Abstract: The space-flight ionizing radiation (IR) environment is dominated by very high-kinetic energy-charged particles with relatively smaller contributions from X-rays and gamma rays. The Earth’s surface IR environment is not dominated by the natural radioisotope decay processes. Dr. Steven Koontz’s lecture will provide a solid foundation in the basic engineering physics of space radiation environments, beginning with the space radiation environment on the International Space Station and moving out…

Vegetated land cover near residence is associated with reduced allostatic load and improved biomarkers of neuroendocrine, metabolic and immune functions

Abstract Background: Greater exposure to urban green spaces has been linked to reduced risks of depression, cardiovascular disease, diabetes and premature death. Alleviation of chronic stress is a hypothesized pathway to improved health. Previous studies linked chronic stress with biomarker-based measures of physiological dysregulation known as allostatic load. This study aimed to assess the relationship between vegetated land cover near residences and allostatic load. Methods: This cross-sectional population-based study involved 204 adult residents of the Durham-Chapel Hill, North Carolina metropolitan area. Exposure was quantified using high-resolution metrics of trees and herbaceous vegetation within 500 m of each residence derived from the U.S. Environmental Protection Agency’s EnviroAtlas land cover dataset. Eighteen biomarkers of immune, neuroendocrine, and metabolic functions were measured in serum or saliva samples. Allostatic load was defined as a sum of biomarker values dichotomized at specific percentiles of sample distribution. Regression analysis was conducted using generalized additive models with two-dimensional spline smoothing function of geographic coordinates, weighted measures of vegetated land cover allowing decay of effects with distance, and geographic and demographic covariates. Results: An inter-quartile range increase in distance-weighted vegetated land cover was associated with 37% (46%; 27%) reduced allostatic load; significantly reduced adjusted odds of having low level of serum norepinephrine, dopamine, and dehydroepiandrosterone, high level of epinephrine, fibrinogen, vascular cell adhesion molecule-1, interleukin-8, and salivary α-amylase; and previously diagnosed depression. Conclusions: The observed effects of vegetated land cover on allostatic load and individual biomarkers are consistent with prevention of depression, cardiovascular disease and premature mortality.

Respiratory Effects and Systemic Stress Response Following Acute Acrolein Inhalation in Rats

Previous studies have demonstrated that exposure to the pulmonary irritant ozone causes myriad systemic metabolic and pulmonary effects attributed to sympathetic and hypothalamus-pituitary-adrenal (HPA) axis activation, which are exacerbated in metabolically impaired models. We examined respiratory and systemic effects following exposure to a sensory irritant acrolein to elucidate the systemic and pulmonary consequences in healthy and diabetic rat models. Male Wistar and Goto Kakizaki (GK) rats, a nonobese type II diabetic Wistar-derived model, were exposed by inhalation to 0, 2, or 4 ppm acrolein, 4 h/d for 1 or 2 days. Exposure at 4 ppm significantly increased pulmonary and nasal inflammation in both strains with vascular protein leakage occurring only in the nose. Acrolein exposure (4 ppm) also caused metabolic impairment by inducing hyperglycemia and glucose intolerance (GK > Wistar). Serum total cholesterol (GKs only), low-density lipoprotein (LDL) cholesterol (both strains), and free fatty acids (GK > Wistar) levels increased; however, no acrolein-induced changes were noted in branched-chain amino acid or insulin levels. These responses corresponded with a significant increase in corticosterone and modest but insignificant increases in adrenaline in both strains, suggesting activation of the HPA axis. Collectively, these data demonstrate that acrolein exposure has a profound effect on nasal and pulmonary inflammation, as well as glucose and lipid metabolism, with the systemic effects exacerbated in the metabolically impaired GKs. These results are similar to ozone-induced responses with the exception of lung protein leakage and ability to alter branched-chain amino acid and insulin levels, suggesting some differences in neuroendocrine regulation of these two air pollutants.

Sunrise Through the Solar Arrays

On July 26, 2017, a member of the Expedition 52 crew aboard the International Space Station took this photograph of one of the 16 sunrises they experience every day, as the orbiting laboratory travels around Earth. One of the solar panels that provides power to the station is seen in the upper left.

3D Material Response Analysis of PICA Pyrolysis Experiments

Abstract: Primarily interested in improving ablation modeling for use in inverse reconstruction of flight environments on ablative heat shields. Ablation model is essentially a component of the heat flux sensor, so model uncertainties lead to measurement uncertainties. Non-equilibrium processes have been known to be significant in low density ablators for a long time, but increased accuracy requirements of the reconstruction process necessitates incorporating this physical effect. Attempting to develop…

Unexpected Control Structure Interaction on International Space Station

Abstract: On June 23, 2011, the International Space Station (ISS) was performing a routine 180 degree yaw maneuver in support of a Russian vehicle docking when the on board Russian Segment (RS) software unexpectedly declared two attitude thrusters failed and switched thruster configurations in response to unanticipated ISS dynamic motion. Flight data analysis after the maneuver indicated that higher than predicted structural loads had been induced at various locations on the United States (U.S.) segmen…