Security Vulnerabilities - CVEs Published In November 2017
VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
CVSS Score
6.5
EPSS Score
0.0
Published
2017-11-17
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-11-17
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-11-17
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary
CVSS Score
8.1
EPSS Score
0.004
Published
2017-11-17
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary
CVSS Score
8.1
EPSS Score
0.011
Published
2017-11-17
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-11-17
Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-11-17
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
CVSS Score
7.5
EPSS Score
0.003
Published
2017-11-17
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
CVSS Score
9.8
EPSS Score
0.033
Published
2017-11-17
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-17