Security Vulnerabilities - CVEs Published In March 2017
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
CVSS Score: 7.5 | EPSS Score: 0.526 | Published: 2017-03-31
Cross-site scripting (XSS) vulnerability in Nagios.
CVSS Score: 6.1 | EPSS Score: 0.008 | Published: 2017-03-31
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure.
CVSS Score: 7.5 | EPSS Score: 0.012 | Published: 2017-03-31
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution.
CVSS Score: 9.8 | EPSS Score: 0.037 | Published: 2017-03-31
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-03-31
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2.
CVSS Score: 4.8 | EPSS Score: 0.006 | Published: 2017-03-31
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Policy (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, and 2.2.3. Note that this vulnerability is not exploitable if the admin tools directory is removed, as recommended in the "Post-installation and upgrade tasks" of the MantisBT Admin Guide. A reminder to do so is also displayed on the login page.
CVSS Score: 4.8 | EPSS Score: 0.007 | Published: 2017-03-31
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.
CVSS Score: 4.8 | EPSS Score: 0.025 | Published: 2017-03-31
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-03-31
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-03-31

