Security Vulnerabilities - CVEs Published In April 2017
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connection pool of an SSL server.
CVSS Score
5.9
EPSS Score
0.005
Published
2017-04-11
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-04-11
The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 HF1, 11.5.4 - 11.5.4 HF2, when configured as a SAML Identity Provider with a Service Provider (SP) connector, might allow traffic to be disrupted or failover initiated when a malformed, signed SAML authentication request from an authenticated user is sent via the SP connector.
CVSS Score
5.3
EPSS Score
0.016
Published
2017-04-11
Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/home.php. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-04-11
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-04-10
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
CVSS Score
8.1
EPSS Score
0.012
Published
2017-04-10
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to browse the server's filesystem and read the contents of arbitrary files contained within.
CVSS Score
6.5
EPSS Score
0.008
Published
2017-04-10
SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.027
Published
2017-04-10
Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
CVSS Score
8.1
EPSS Score
0.006
Published
2017-04-10
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
CVSS Score
8.8
EPSS Score
0.028
Published
2017-04-10