Security Vulnerabilities - CVEs Published In July 2017
ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-07-17
ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search, Glossary, Social Group Member Search, Social Friend Search, Social Group Search, File Comment, Gradebook Test Title, User Group Membership, Inbox/Sent Items, Sent Messages, Links, Photo Album, Poll, Social Application, Social Profile, Test, Content Menu, Auto-Login, and Gradebook components resulting in information disclosure, database modification, or potential code execution.
CVSS Score: 9.8 | EPSS Score: 0.022 | Published: 2017-07-17
PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data).
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-07-17
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2017-07-17
txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2017-07-17
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2017-07-17
Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution.
CVSS Score: 9.8 | EPSS Score: 0.111 | Published: 2017-07-17
Audacity 2.1.2 through 2.3.2 is vulnerable to DLL hijacking in the avformat-55.dll, resulting in arbitrary code execution.
CVSS Score: 7.8 | EPSS Score: 0.014 | Published: 2017-07-17
MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-07-17
MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-07-17

