Security Vulnerabilities - CVEs Published In 2017
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-11-28
An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-11-28
The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected XSS because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly.
CVSS Score
6.1
EPSS Score
0.036
Published
2017-11-28
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2017-11-28
Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-11-28
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.
CVSS Score
7.2
EPSS Score
0.004
Published
2017-11-28
Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
CVSS Score
5.5
EPSS Score
0.015
Published
2017-11-28
KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.
CVSS Score
5.5
EPSS Score
0.013
Published
2017-11-28
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by modifying a UUID value within the header of a crafted application binary.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-28
EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-11-28