Security Vulnerabilities - CVEs Published In August 2017
Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet.
CVSS Score
9.8
EPSS Score
0.125
Published
2017-08-29
SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-08-29
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-08-29
NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-08-29
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
CVSS Score
8.8
EPSS Score
0.051
Published
2017-08-29
qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-08-29
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-08-29
Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-08-29
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
CVSS Score
5.9
EPSS Score
0.002
Published
2017-08-29
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
CVSS Score
6.5
EPSS Score
0.005
Published
2017-08-29