Security Vulnerabilities - CVEs Published In May 2017
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.
CVSS Score
7.0
EPSS Score
0.0
Published
2017-05-16
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-05-16
In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-05-16
In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-05-16
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-05-16
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-05-16
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
CVSS Score
4.5
EPSS Score
0.006
Published
2017-05-16
IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create an instance that gets created with security profile not valid for the templates, that results in the new instance not accessible for the intended user. IBM X-Force ID: 116379.
CVSS Score
2.7
EPSS Score
0.002
Published
2017-05-15
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,
CVSS Score
4.3
EPSS Score
0.002
Published
2017-05-15
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-05-15