Security Vulnerabilities - CVEs Published In April 2017
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
CVSS Score
6.5
EPSS Score
0.144
Published
2017-04-13
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
CVSS Score
8.8
EPSS Score
0.059
Published
2017-04-13
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-04-13
Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-04-13
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.
CVSS Score
3.3
EPSS Score
0.0
Published
2017-04-13
Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-04-13
Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-04-13
Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-04-13
Firejail does not properly clean environment variables, which allows local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-04-13
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-04-13