Security Vulnerabilities - CVEs Published In March 2018
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2018-03-22
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.
CVSS Score: 6.7
EPSS Score: 0.005
Published: 2018-03-22
IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2018-03-22
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
CVSS Score: 9.8
EPSS Score: 0.089
Published: 2018-03-22
In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222108.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2018-03-22
In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2018-03-22
In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222044.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2018-03-22
In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002000.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2018-03-22
In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.
CVSS Score: 8.8
EPSS Score: 0.008
Published: 2018-03-22
dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html.
CVSS Score: 6.1
EPSS Score: 0.002
Published: 2018-03-22

