Security Vulnerabilities - CVEs Published In August 2017
A elevation of privilege vulnerability in the Qualcomm ipa driver. Product: Android. Versions: Android kernel. Android ID: A-35467471. References: QC-CR#2029392.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-09
A elevation of privilege vulnerability in the Qualcomm proprietary component. Product: Android. Versions: Android kernel. Android ID: A-32524214. References: QC-CR#2044821.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-09
A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-09
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-08-09
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2017-08-09
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
CVSS Score
9.8
EPSS Score
0.01
Published
2017-08-09
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
CVSS Score
9.8
EPSS Score
0.009
Published
2017-08-09
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-09
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
CVSS Score
8.2
EPSS Score
0.001
Published
2017-08-09
It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.
CVSS Score
8.8
EPSS Score
0.009
Published
2017-08-09