Security Vulnerabilities - CVEs Published In March 2017
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-03-30
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-03-30
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-03-30
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-03-30
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-03-30
Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x before 5.4.0 could violate a security policy during IPS signature updates when the FortiGate's IPSengine is configured in flow mode. All FortiGate versions with IPS configured in proxy mode (the default mode) are not affected.
CVSS Score
5.9
EPSS Score
0.002
Published
2017-03-30
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API, and may therefore be able to crack them.
CVSS Score
4.9
EPSS Score
0.004
Published
2017-03-30
Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro devices have a built-in, hidden root account, with a default password that was once stored in cleartext within a software update package on a Trango FTP server. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-03-30
Trango Altum AC600 devices have a built-in, hidden root account, with a default password of abcd1234. This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-03-30
Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.
CVSS Score
9.8
EPSS Score
0.011
Published
2017-03-30