Security Vulnerabilities - CVEs Published In September 2017
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.
CVSS Score
7.0
EPSS Score
0.009
Published
2017-09-25
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
CVSS Score
5.5
EPSS Score
0.001
Published
2017-09-25
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
CVSS Score
6.5
EPSS Score
0.005
Published
2017-09-25
Multiple hardcoded credentials in Xsuite 2.x.
CVSS Score
9.8
EPSS Score
0.24
Published
2017-09-25
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
CVSS Score
6.1
EPSS Score
0.05
Published
2017-09-25
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-09-25
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
CVSS Score
8.8
EPSS Score
0.008
Published
2017-09-25
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
CVSS Score
6.1
EPSS Score
0.004
Published
2017-09-25
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
CVSS Score
6.1
EPSS Score
0.02
Published
2017-09-25
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
CVSS Score
5.9
EPSS Score
0.004
Published
2017-09-25