Security Vulnerabilities - CVEs Published In May 2017
An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code.
CVSS Score
7.0
EPSS Score
0.003
Published
2017-05-08
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-05-08
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-05-08
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-05-08
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-05-08
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-05-08
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-05-08
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-05-08
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-05-08
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-05-08