Security Vulnerabilities - CVEs Published In July 2017
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges
CVSS Score
8.8
EPSS Score
0.0
Published
2017-07-28
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect detection and recovery from an invalid state produced by specific user actions may lead to denial of service.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-28
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service.
CVSS Score
6.5
EPSS Score
0.0
Published
2017-07-28
There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-07-28
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System.
CVSS Score
9.1
EPSS Score
0.002
Published
2017-07-28
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. The Apache Solr account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for Apache Solr has access to all indexed patient documents.
CVSS Score
9.1
EPSS Score
0.002
Published
2017-07-28
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
CVSS Score
6.5
EPSS Score
0.007
Published
2017-07-28
front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.
CVSS Score
4.9
EPSS Score
0.004
Published
2017-07-28
SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-07-28
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-07-28