Security Vulnerabilities - CVEs Published In July 2017
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
CVSS Score: 7.5 | EPSS Score: 0.019 | Published: 2017-07-17
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.278 | Published: 2017-07-17
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
CVSS Score: 7.5 | EPSS Score: 0.02 | Published: 2017-07-17
An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service.
CVSS Score: 7.5 | EPSS Score: 0.015 | Published: 2017-07-17
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
CVSS Score: 7.5 | EPSS Score: 0.021 | Published: 2017-07-17
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)
CVSS Score: 8.8 | EPSS Score: 0.006 | Published: 2017-07-17
Moodle 3.x has user fullname disclosure on the user preferences page.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2017-07-17
In Moodle 3.3, the course overview block reveals activities in hidden courses.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2017-07-17
In Moodle 3.x, course creators are able to change system default settings for courses.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2017-07-17
The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2017-07-17

