Security Vulnerabilities - CVEs Published In June 2017
The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
CVSS Score
5.5
EPSS Score
0.013
Published
2017-06-21
In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.
CVSS Score
7.5
EPSS Score
0.009
Published
2017-06-21
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-06-21
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.
CVSS Score
5.5
EPSS Score
0.003
Published
2017-06-21
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-06-20
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.539
Published
2017-06-20
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.539
Published
2017-06-20
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.7
Published
2017-06-20
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.036
Published
2017-06-20
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-06-20