Security Vulnerabilities, CVEs, Published In May 2017
SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.
Max CVSS
6.5
EPSS Score
0.13%
Published
2017-05-31
Updated
2017-06-09
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
Max CVSS
6.1
EPSS Score
0.12%
Published
2017-05-31
Updated
2017-06-09
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
Max CVSS
6.1
EPSS Score
0.15%
Published
2017-05-31
Updated
2017-06-08
libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.
Max CVSS
7.5
EPSS Score
0.21%
Published
2017-05-31
Updated
2019-10-03
Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-05-29
Updated
2017-06-08
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.
Max CVSS
5.5
EPSS Score
0.12%
Published
2017-05-29
Updated
2017-06-08
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
7.8
EPSS Score
0.47%
Published
2017-05-29
Updated
2017-06-06
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Max CVSS
7.8
EPSS Score
0.82%
Published
2017-05-29
Updated
2017-11-23
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-05-29
Updated
2017-11-24
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-05-29
Updated
2017-06-08
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-05-29
Updated
2017-06-08
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-05-29
Updated
2017-06-08
XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
Max CVSS
6.5
EPSS Score
0.11%
Published
2017-05-29
Updated
2017-06-08
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
Max CVSS
9.8
EPSS Score
0.44%
Published
2017-05-29
Updated
2019-10-03
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-05-29
Updated
2017-10-05
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-05-29
Updated
2017-06-08
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
Max CVSS
6.1
EPSS Score
0.17%
Published
2017-05-29
Updated
2017-07-17
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Max CVSS
6.5
EPSS Score
91.50%
Published
2017-05-29
Updated
2022-06-13
In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.
Max CVSS
9.8
EPSS Score
1.85%
Published
2017-05-29
Updated
2019-10-03
In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered remotely.
Max CVSS
9.8
EPSS Score
0.43%
Published
2017-05-29
Updated
2019-10-03
In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remote DoS attack by a malicious switch.
Max CVSS
6.5
EPSS Score
0.25%
Published
2017-05-29
Updated
2018-01-05
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Max CVSS
6.5
EPSS Score
0.08%
Published
2017-05-29
Updated
2019-10-03
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Max CVSS
6.5
EPSS Score
0.08%
Published
2017-05-29
Updated
2019-10-03
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-05-28
Updated
2017-06-08
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-05-28
Updated
2017-06-08