Security Vulnerabilities - CVEs Published In August 2017
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126246.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2017-08-18
IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576.
CVSS Score: 5.9 | EPSS Score: 0.007 | Published: 2017-08-18
Directory traversal vulnerability in ajaxfileupload.php in Kayson Group Ltd. phpGrid before 7.2.5 allows remote attackers to execute arbitrary code by uploading a crafted file with a .. (dot dot) in the file name.
CVSS Score: 7.8 | EPSS Score: 0.013 | Published: 2017-08-18
Aodh as packaged in OpenStack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating an alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust ID where Aodh is the trustee.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2017-08-18
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2017-08-18
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-08-18
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-08-18
Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 4400 before A2 has unknown impact and attack vectors.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2017-08-18
Buffer overflow in the ares_parse_a_reply function in the embedded ares library in ReSIProcate before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DNS response.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2017-08-18
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.
CVSS Score: 6.8 | EPSS Score: 0.002 | Published: 2017-08-18