Security Vulnerabilities - CVEs Published In March 2019
A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-03-21
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVSS Score
6.7
EPSS Score
0.0
Published
2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVSS Score
9.8
EPSS Score
0.005
Published
2019-03-18
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-17
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-03-15
An integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.
CVSS Score
7.5
EPSS Score
0.002
Published
2019-03-15
In yast2-multipath before version 4.1.1, a static temporary filename allows local attackers to overwrite files on systems without symlink protection.
CVSS Score
2.2
EPSS Score
0.0
Published
2019-03-15
In yast2-samba-provision up to and including version 1.0.1, the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read it in the process list.
CVSS Score
3.3
EPSS Score
0.0
Published
2019-03-15
Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie.
CVSS Score
7.5
EPSS Score
0.009
Published
2019-03-15
In yast2-printer up to and including version 4.0.2, the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied, this allows for executing code as root. This requires tricking root into entering such a password in yast.
CVSS Score
6.5
EPSS Score
0.001
Published
2019-03-15

