Security Vulnerabilities - CVEs Published In July 2017
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
CVSS Score: 7.5
EPSS Score: 0.008
Published: 2017-07-27

Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2017-07-27

Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
CVSS Score: 6.1
EPSS Score: 0.017
Published: 2017-07-27

Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
CVSS Score: 6.1
EPSS Score: 0.005
Published: 2017-07-27

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
CVSS Score: 5.4
EPSS Score: 0.005
Published: 2017-07-27

The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.
CVSS Score: 5.5
EPSS Score: 0.047
Published: 2017-07-27

The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted wav file.
CVSS Score: 5.5
EPSS Score: 0.034
Published: 2017-07-27

The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.
CVSS Score: 5.5
EPSS Score: 0.03
Published: 2017-07-27

The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
CVSS Score: 5.5
EPSS Score: 0.025
Published: 2017-07-27

The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows remote attackers to cause a denial of service (buffer over-read) via a crafted mp3 file.
CVSS Score: 5.5
EPSS Score: 0.004
Published: 2017-07-27

