Security Vulnerabilities - CVEs Published In January 2018
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality.
CVSS Score: 5.4 | EPSS Score: 0.004 | Published: 2018-01-16
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2018-01-16
BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-01-16
In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002010.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2018-01-16
In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80002054.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2018-01-16
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2018-01-16
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
CVSS Score: 6.1 | EPSS Score: 0.015 | Published: 2018-01-16
Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2018-01-16
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.
CVSS Score: 5.5 | EPSS Score: 0.017 | Published: 2018-01-16
Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 108501.
CVSS Score: 5.4 | EPSS Score: 0.001 | Published: 2018-01-16

