Security Vulnerabilities - CVEs Published In June 2017
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
CVSS Score: 5.0 | EPSS Score: 0.001 | Published: 2017-06-08
Huawei AR1220 routers with software before V200R005SPH006 allow remote attackers to cause a denial of service (board reset) via vectors involving a large amount of traffic from the GE port to the FE port.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2017-06-08
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.
CVSS Score: 7.5 | EPSS Score: 0.028 | Published: 2017-06-08
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which they perform deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
CVSS Score: 9.8 | EPSS Score: 0.031 | Published: 2017-06-08
Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-06-08
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2017-06-08
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-06-08
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer.
CVSS Score: 5.6 | EPSS Score: 0.001 | Published: 2017-06-08
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
CVSS Score: 5.6 | EPSS Score: 0.001 | Published: 2017-06-08
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2017-06-08

