Security Vulnerabilities - CVEs Published In October 2017
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-10-28
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.
CVSS Score
9.8
EPSS Score
0.002
Published
2017-10-28
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-28
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admin account.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-10-28
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
CVSS Score
7.2
EPSS Score
0.002
Published
2017-10-28
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows remote attackers to cause a denial of service (find_abstract_instance_name invalid memory read, segmentation fault, and application crash).
CVSS Score
7.5
EPSS Score
0.008
Published
2017-10-27
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename. NOTE: this issue is caused by an incomplete fix for CVE-2017-15023.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-10-27
The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-10-27
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).
CVSS Score
6.5
EPSS Score
0.003
Published
2017-10-27
In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-10-27