Security Vulnerabilities - CVEs Published In October 2017
In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-10-10
The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-10
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.
CVSS Score
6.5
EPSS Score
0.007
Published
2017-10-10
A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-10-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-10-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in ipc_log_context_destroy(). Another issue is the Use-After-Free which can happen due to the race condition when the ipc log is deallocated via the debugfs call during a log print.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-10-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.
CVSS Score
7.0
EPSS Score
0.0
Published
2017-10-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-10-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-10-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a vendor command, a buffer over-read can occur.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-10-10