Security Vulnerabilities - CVEs Published In September 2017
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-09-30
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-09-30
Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-09-30
_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-09-30
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
CVSS Score
5.5
EPSS Score
0.014
Published
2017-09-30
scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-09-30
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-09-30
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-09-30
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."
CVSS Score
7.8
EPSS Score
0.002
Published
2017-09-30
Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFile+0x000000000000344e."
CVSS Score
7.8
EPSS Score
0.002
Published
2017-09-30