Security Vulnerabilities - CVEs Published In September 2017
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.
CVSS Score: 5.9 | EPSS Score: 0.015 | Published: 2017-09-12
IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
CVSS Score: 3.7 | EPSS Score: 0.002 | Published: 2017-09-12
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVSS Score: 9.8 | EPSS Score: 0.006 | Published: 2017-09-12
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-09-12
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2017-09-12
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-09-12
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-09-12
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2017-09-12
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
CVSS Score: 5.5 | EPSS Score: 0.017 | Published: 2017-09-12
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
CVSS Score: 6.5 | EPSS Score: 0.399 | Published: 2017-09-12

