Security Vulnerabilities
- CVEs Published In June 2017
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
The chroot, jail, and zone connection plugins in Ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.
Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software.
Cross-site scripting (XSS) vulnerability in Vindula 1.9.
Directory traversal vulnerability in Spiffy before 5.4.
dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV).
Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.
A buffer overflow vulnerability exists in the programming software executable AlTracePrint.exe in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.
A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.