Security Vulnerabilities - CVEs Published In August 2017
Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-08-18
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates.
CVSS Score
5.5
EPSS Score
0.0
Published
2017-08-18
The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another reporting user, possibly gaining access to sensitive data.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-08-18
Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-18
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-08-18
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.
CVSS Score
4.7
EPSS Score
0.001
Published
2017-08-18