Security Vulnerabilities - CVEs Published In August 2017
The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
CVSS Score: 8.1 | EPSS Score: 0.01 | Published: 2017-08-25
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2017-08-25
Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-25
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2017-08-25
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.
CVSS Score: 7.5 | EPSS Score: 0.01 | Published: 2017-08-25
Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.
CVSS Score: 7.5 | EPSS Score: 0.184 | Published: 2017-08-25
mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-25
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-08-25
controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-08-25
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2017-08-25

