Security Vulnerabilities - CVEs Published In January 2018
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-12
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
CVSS Score
8.8
EPSS Score
0.01
Published
2018-01-12
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-01-12
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
5.9
EPSS Score
0.005
Published
2018-01-12
Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-01-12
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640.
CVSS Score
8.8
EPSS Score
0.039
Published
2018-01-12
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-01-12
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-01-12
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-01-12
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-01-12