Security Vulnerabilities - CVEs Published In September 2017
Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2017-09-20

Cross-site request forgery in the REST API in IPython 2 and 3.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2017-09-20

Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before GRA-TL00C01B210, and before GRA-UL00C00B210 allows remote attackers to obtain user equipment (aka UE) measurements of signal strengths.
CVSS Score: 3.7 | EPSS Score: 0.001 | Published: 2017-09-20

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and make the server unresponsive.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2017-09-20

An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.
CVSS Score: 7.5 | EPSS Score: 0.1 | Published: 2017-09-20

The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
CVSS Score: 7.0 | EPSS Score: 0.002 | Published: 2017-09-20

There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.
CVSS Score: 7.5 | EPSS Score: 0.218 | Published: 2017-09-20

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the telnet and will infect the device with malicious code.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2017-09-20

On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that the attacker desires (malicious or not).
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-09-20

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).
CVSS Score: 6.0 | EPSS Score: 0.001 | Published: 2017-09-20