Security Vulnerabilities - CVEs Published In August 2017
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
CVSS Score
8.8
EPSS Score
0.014
Published
2017-08-14
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-08-14
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-08-14
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-08-14
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
CVSS Score
7.8
EPSS Score
0.025
Published
2017-08-14
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.015
Published
2017-08-14
Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-08-14
An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-14
An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target system using a malicious DLL file.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-14
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. An attacker is able to gain privileged access to the system while unauthorized.
CVSS Score
9.8
EPSS Score
0.013
Published
2017-08-14