Security Vulnerabilities - CVEs Published In March 2018
Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-03-15
A stored cross-site scripting (XSS) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject client-side scripts into vulnerable systems.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-03-15
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVSS Score
9.8
EPSS Score
0.036
Published
2018-03-15
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVSS Score
9.8
EPSS Score
0.036
Published
2018-03-15
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
CVSS Score
6.8
EPSS Score
0.019
Published
2018-03-15
A server auth command injection authentication bypass vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.3 and below could allow remote attackers to escalate privileges on vulnerable installations.
CVSS Score
9.8
EPSS Score
0.211
Published
2018-03-15
VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-03-15
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-03-15
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-03-15
An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.
CVSS Score
5.5
EPSS Score
0.004
Published
2018-03-15