Security Vulnerabilities - CVEs Published In August 2017
XML external entity (XXE) processing vulnerability in Trend Micro Control Manager 6.0, if exploited, could lead to information disclosure. Formerly ZDI-CAN-4706.
CVSS Score
7.5
EPSS Score
0.006
Published
2017-08-02
Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-08-02
Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-08-02
Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-08-02
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
CVSS Score
9.8
EPSS Score
0.777
Published
2017-08-02
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-08-02
Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-08-02
IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.009
Published
2017-08-02
XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-08-02
The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.
CVSS Score
8.1
EPSS Score
0.005
Published
2017-08-02