Security Vulnerabilities - CVEs Published In April 2017
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-04-10
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.
CVSS Score
7.5
EPSS Score
0.037
Published
2017-04-10
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-04-10
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to read arbitrary files via crafted EDOC files.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-04-10
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.012
Published
2017-04-10
OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-04-10
Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-04-10
Atlassian JIRA Server before 7.1.9 has XSS in project/ViewDefaultProjectRoleActors.jspa via a role name.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-04-10
Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-04-10
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
CVSS Score
4.3
EPSS Score
0.005
Published
2017-04-10