Security Vulnerabilities - CVEs Published In August 2017
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in the 'hostname' of a machine.
CVSS Score: 7.5; EPSS Score: 0.032; Published: 2017-08-28
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account that system services run on.
CVSS Score: 7.5; EPSS Score: 0.017; Published: 2017-08-28
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors.
CVSS Score: 9.8; EPSS Score: 0.028; Published: 2017-08-28
Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2017-08-28
The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2017-08-28
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2017-08-28
Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2017-08-28
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
CVSS Score: 8.8; EPSS Score: 0.787; Published: 2017-08-28
Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code.
CVSS Score: 8.8; EPSS Score: 0.539; Published: 2017-08-28
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVSS Score: 6.1; EPSS Score: 0.0; Published: 2017-08-28

