Security Vulnerabilities - CVEs Published In August 2017
Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2017-08-28
Multiple SQL injection vulnerabilities in SmartCMS v.2.
CVSS Score: 9.8; EPSS Score: 0.027; Published: 2017-08-28
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Process Manager Advanced 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2017-08-28
Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1.
CVSS Score: 7.8; EPSS Score: 0.001; Published: 2017-08-28
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.
CVSS Score: 5.9; EPSS Score: 0.003; Published: 2017-08-28
In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.
CVSS Score: 7.5; EPSS Score: 0.002; Published: 2017-08-27
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
CVSS Score: 7.5; EPSS Score: 0.006; Published: 2017-08-27
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
CVSS Score: 7.8; EPSS Score: 0.01; Published: 2017-08-27
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd.
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2017-08-27
Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.
CVSS Score: 6.5; EPSS Score: 0.007; Published: 2017-08-26

