Security Vulnerabilities - CVEs Published In July 2017
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-07-04
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.
CVSS Score
6.5
EPSS Score
0.016
Published
2017-07-04
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 is used.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-07-04
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-07-04
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-04
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-07-04
An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-07-04
An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-07-04
An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-07-04
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-07-04

