Security Vulnerabilities - CVEs Published In January 2018
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e000. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2018-01-08
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2018-01-08
In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issue on any Windows operating system version (32-bit or 64-bit)."
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2018-01-08
The Installer in Whale allows DLL hijacking.
CVSS Score: 7.8
EPSS Score: 0.002
Published: 2018-01-08
Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-01-08
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2018-01-08
Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html.
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2018-01-08
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field.
CVSS Score: 7.5
EPSS Score: 0.074
Published: 2018-01-07
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.
CVSS Score: 7.5
EPSS Score: 0.006
Published: 2018-01-06
When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer.
CVSS Score: 9.8
EPSS Score: 0.006
Published: 2018-01-06