Security Vulnerabilities - CVEs Published In January 2018
Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship, or satellite details.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2018-01-16
A stack-based Buffer Overflow Vulnerability exists in the web server in Pulse Secure Pulse Connect Secure (PCS) before 8.3R4 and Pulse Policy Secure (PPS) before 5.4R4, leading to memory corruption and possibly remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.114 | Published: 2018-01-16
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
CVSS Score: 9.8 | EPSS Score: 0.38 | Published: 2018-01-16
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
CVSS Score: 9.8 | EPSS Score: 0.387 | Published: 2018-01-16
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.
CVSS Score: 7.5 | EPSS Score: 0.195 | Published: 2018-01-16
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.
CVSS Score: 9.8 | EPSS Score: 0.576 | Published: 2018-01-16
In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVSS Score: 6.5 | EPSS Score: 0.007 | Published: 2018-01-16
A cross-site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-01-16
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions, a race condition vulnerability exists in the sound system; this can lead to a deadlock and denial of service condition.
CVSS Score: 5.9 | EPSS Score: 0.036 | Published: 2018-01-16
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
CVSS Score: 6.1 | EPSS Score: 0.079 | Published: 2018-01-16

