Security Vulnerabilities - CVEs Published In October 2017
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2017-10-18
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2017-10-18
The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.
CVSS Score: 5.9 | EPSS Score: 0.003 | Published: 2017-10-18
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2017-10-18
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2017-10-18
Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2017-10-18
EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may be exploited by malicious users to compromise the affected system.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2017-10-18
The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Local File Inclusion. It accepts a parameter that specifies a file for display or for use as a template. The filename is not validated; an attacker could retrieve any file.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2017-10-18
An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2017-10-18
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2017-10-18
Shodan ® - All rights reserved