Security Vulnerabilities - CVEs Published In July 2017
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2017-07-17
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
CVSS Score: 8.1
EPSS Score: 0.012
Published: 2017-07-17
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2017-07-17
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
CVSS Score: 9.8
EPSS Score: 0.005
Published: 2017-07-17
Chevereto CMS before version 3.8.11 is vulnerable to stored XSS in two places: the user profile and the Exif data parser.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2017-07-17
Live Helper Chat version 2.06v and older is vulnerable to cross-site scripting in the HTTP header handling, resulting in the execution of any user-provided JavaScript code in the session of other users.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2017-07-17
EyesOfNetwork (EON) 5.1 is vulnerable to unauthenticated SQL injection in eonweb, leading to remote root.
CVSS Score: 9.8
EPSS Score: 0.066
Published: 2017-07-17
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service.
CVSS Score: 7.1
EPSS Score: 0.002
Published: 2017-07-17
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router, resulting in remote code execution.
CVSS Score: 7.5
EPSS Score: 0.032
Published: 2017-07-17
kittoframework kitto version 0.5.1 is vulnerable to XSS in the 404 page, resulting in information disclosure.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2017-07-17

