Security Vulnerabilities - CVEs Published In March 2018
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-03-01
In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function saveBinaryCLProgram in magick/opencl.c because a program-lookup result is not checked, related to CacheOpenCLKernel.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-03-01
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials (remote code execution may be possible as well).
CVSS Score
9.8
EPSS Score
0.028
Published
2018-03-01
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.016
Published
2018-03-01
An issue was discovered in Wowza Streaming Engine before 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-03-01
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.
CVSS Score
7.8
EPSS Score
0.005
Published
2018-03-01
The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-03-01
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
CVSS Score
7.3
EPSS Score
0.012
Published
2018-03-01
A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.
CVSS Score
4.6
EPSS Score
0.002
Published
2018-03-01
A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-03-01