Security Vulnerabilities - CVEs Published In April 2017
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2017-04-17

sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-04-17

Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in the jbig2_decode_symbol_dict function in jbig2_symbol_dict.c in libjbig2dec.a during operation on a crafted .jb2 file.
CVSS Score: 7.1 | EPSS Score: 0.003 | Published: 2017-04-17

The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2017-04-17

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
CVSS Score: 8.8 | EPSS Score: 0.926 | Published: 2017-04-16

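The entry above says only that an empty confirm_hash value passes verify.php. The following Python example is added here and is not MantisBT's code; it shows one generic way a reset-token check ends up accepting an empty value: the stored value for an account with no pending reset is empty, and the check is a plain inequality against it, so an empty client value compares equal. The token store, user ids and hash values are constructed for the example, and the hardened variant adds the checks a practitioner would want (token must exist, client value must be non-empty, constant-time comparison, single use).

```python
import hmac

# Constructed token store for this example (an assumption, not MantisBT's
# schema): user id -> pending confirmation hash, or "" when nothing is pending.
CONFIRM_HASHES = {
    101: "9f2c5d1e7a4b3c6d8e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d",
    102: "",  # never requested a reset
}


def verify_weak(user_id: int, supplied: str) -> bool:
    """Weak pattern: reject only when the supplied value differs from whatever
    is stored. For an account with no pending reset the stored value is empty,
    so an empty supplied hash compares equal and the reset is allowed."""
    stored = CONFIRM_HASHES.get(user_id, "")
    if supplied != stored:
        return False
    return True


def verify_hardened(user_id: int, supplied: str) -> bool:
    """Hardened variant: a reset needs a pending, non-empty token, the client
    must present a non-empty value, the comparison is constant-time, and a
    successful verification consumes the token so it cannot be replayed."""
    stored = CONFIRM_HASHES.get(user_id)
    if not stored or not supplied:
        return False
    if not hmac.compare_digest(stored.encode(), supplied.encode()):
        return False
    CONFIRM_HASHES[user_id] = ""  # single use
    return True


if __name__ == "__main__":
    # Account 102 has no pending reset; the weak check lets an empty hash through.
    print("weak, empty hash, no pending reset:", verify_weak(102, ""))
    print("hardened, empty hash, no pending reset:", verify_hardened(102, ""))
    print("hardened, real token:", verify_hardened(101, CONFIRM_HASHES[101]))
```

The key property of the hardened variant is that absence of a token is a failure condition in its own right, not a value that the client can match.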
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modules/developer/_header.php and patched in core/inc/bigtree/admin.php on 2017-04-14.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2017-04-15

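The BigTree entry above describes a CSRF check that only tests whether the Referer contains the admin/developer/ path as a substring. The Python example below is added here and is not BigTree's code; it puts that substring check beside a parsed-origin check and runs both over a legitimate Referer and three forged ones, including the query-string smuggling the entry describes. The site origin, admin prefix and sample URLs are constructed for the example.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed values for this example (assumptions, not BigTree's own config):
# the site's origin and the admin path the check is meant to require.
SITE_ORIGIN = "https://cms.example.test"
ADMIN_PREFIX = "/admin/developer/"


def referer_substring_check(referer: str) -> bool:
    """The weak pattern: treat the request as admin-originated whenever the
    Referer merely contains the admin path somewhere in the string."""
    return "admin/developer/" in (referer or "")


def referer_origin_check(referer: str) -> bool:
    """Hardened variant: parse the Referer, require our scheme and host, then
    require the admin prefix as a normalised path prefix. Query string,
    fragment and userinfo cannot influence the result."""
    if not referer:
        return False  # no Referer: fail closed rather than open
    want = urlsplit(SITE_ORIGIN)
    got = urlsplit(referer)
    if got.scheme != want.scheme or got.hostname != want.hostname:
        return False
    # Collapse "." and ".." segments so /admin/developer/../x cannot pass.
    path = posixpath.normpath(got.path)
    return path == ADMIN_PREFIX.rstrip("/") or path.startswith(ADMIN_PREFIX)


def demo():
    """Return {case: (substring verdict, origin verdict)} for sample Referers."""
    cases = {
        "legit": "https://cms.example.test/admin/developer/modules/",
        # Required substring smuggled into the query string (the reported bypass).
        "query": "https://attacker.example/csrf.html?next=admin/developer/",
        # Substring present, but on an attacker-controlled look-alike host.
        "lookalike": "https://cms.example.test.attacker.example/admin/developer/",
        # Our hostname placed in the userinfo part of an attacker URL.
        "userinfo": "https://cms.example.test@attacker.example/admin/developer/",
    }
    return {k: (referer_substring_check(v), referer_origin_check(v))
            for k, v in cases.items()}


if __name__ == "__main__":
    for name, (weak, hard) in demo().items():
        print(f"{name:10s} substring={weak} origin={hard}")
```

Even the parsed check only hardens a Referer-based defence, which stays weak in general (browsers omit the header under many Referrer-Policy settings, so the check has to fail closed and will then break legitimate users). The durable fix for CSRF is a per-session token bound to the form or request; the page does not say which approach BigTree's patch took.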
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.
CVSS Score: 9.8 | EPSS Score: 0.012 | Published: 2017-04-15

Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.
CVSS Score: 9.1 | EPSS Score: 0.023 | Published: 2017-04-14

Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2017-04-14

SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allows remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.
CVSS Score: 7.5 | EPSS Score: 0.018 | Published: 2017-04-14

Shodan ® - All rights reserved