Security Vulnerabilities - CVEs Published In April 2017
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2017-04-10
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788.
CVSS Score: 6.5; EPSS Score: 0.009; Published: 2017-04-10
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2017-04-10
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2017-04-10
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
CVSS Score: 7.5; EPSS Score: 0.646; Published: 2017-04-10
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
CVSS Score: 5.5; EPSS Score: 0.001; Published: 2017-04-10
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
CVSS Score: 8.8; EPSS Score: 0.184; Published: 2017-04-10
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
CVSS Score: 7.5; EPSS Score: 0.007; Published: 2017-04-10
In ImageMagick 7.0.4-9, an infinite loop can occur because of a floating-point rounding error in some of the color algorithms. This affects ModulateHSL, ModulateHCL, ModulateHCLp, ModulateHSB, ModulateHSI, ModulateHSV, ModulateHWB, ModulateLCHab, and ModulateLCHuv.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2017-04-10
Opmantek NMIS before 8.5.12G has XSS via SNMP.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2017-04-10

