Security Vulnerabilities - CVEs Published In September 2017
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/storage_account_root permissions.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-13
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/run/hostapd* permissions.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-09-13
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
CVSS Score
9.8
EPSS Score
0.025
Published
2017-09-13
D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allow remote attackers to cause a denial of service (daemon crash) via crafted LAN traffic.
CVSS Score
7.5
EPSS Score
0.005
Published
2017-09-13
It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-09-13
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
CVSS Score
7.5
EPSS Score
0.011
Published
2017-09-13
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-09-13
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-09-13
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.
CVSS Score
9.8
EPSS Score
0.019
Published
2017-09-13
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.
CVSS Score
9.8
EPSS Score
0.019
Published
2017-09-13