Security Vulnerabilities - CVEs Published In September 2017
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
CVSS Score
6.7
EPSS Score
0.001
Published
2017-09-22
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-09-22
CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-09-22
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-22
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e."
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-22
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7."
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-22
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a."
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-22
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-22
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613."
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-22
Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-09-22