Security Vulnerabilities - CVEs Published In June 2017
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVSS Score
9.8
EPSS Score
0.028
Published
2017-06-06
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevant version of OpenSSH and makes the installations vulnerable to a range of MITM, downgrade, and decryption attacks.
CVSS Score
8.5
EPSS Score
0.002
Published
2017-06-06
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-06-06
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-06-06
Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-06-06
Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\modules\pages\revisions.php. Low-privileged (administrator) users can attack high-privileged (Developer) users.
CVSS Score
5.4
EPSS Score
0.001
Published
2017-06-06
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-06-06
CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2017-06-06
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-06-06
In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-06-06