Security Vulnerabilities - CVEs Published In February 2018
Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823.
CVSS Score
8.1
EPSS Score
0.015
Published
2018-02-22
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could cause a denial of service. IBM X-Force ID: 138376.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-02-22
IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377.
CVSS Score
3.1
EPSS Score
0.002
Published
2018-02-22
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-02-22
In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-02-22
SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-02-22
In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-02-22
In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-02-22
In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-02-22
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-02-22

