Security Vulnerabilities - CVEs Published In September 2017
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2017-09-22

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2017-09-22

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2017-09-22

In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
CVSS Score: 5.4
EPSS Score: 0.004
Published: 2017-09-22

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
CVSS Score: 8.1
EPSS Score: 0.046
Published: 2017-09-22

DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
CVSS Score: 9.8
EPSS Score: 0.724
Published: 2017-09-22

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where improper access controls could allow unprivileged users to cause a denial of service.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2017-09-22

NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2017-09-22

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2017-09-22

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2017-09-22

