Security Vulnerabilities - CVEs Published In March 2018
Authentication bypass in Hanwha Techwin Smartcams
CVSS Score
9.8
EPSS Score
0.005
Published
2018-03-13
Remote password change in Hanwha Techwin Smartcams
CVSS Score
9.8
EPSS Score
0.004
Published
2018-03-13
Arbitrary camera access and monitoring via cloud in Hanwha Techwin Smartcams
CVSS Score
7.5
EPSS Score
0.004
Published
2018-03-13
Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams
CVSS Score
7.5
EPSS Score
0.004
Published
2018-03-13
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams
CVSS Score
7.5
EPSS Score
0.004
Published
2018-03-13
Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service
CVSS Score
7.5
EPSS Score
0.008
Published
2018-03-13
Denial of service in Gemalto's Sentinel LDK RTE version before 7.65
CVSS Score
7.5
EPSS Score
0.005
Published
2018-03-13
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.
CVSS Score
4.3
EPSS Score
0.241
Published
2018-03-13
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).
CVSS Score
8.8
EPSS Score
0.053
Published
2018-03-13
Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. This attack appear to be exploitable via By sending a malformed JSON, the tool responds with a traceback error that leaks a path of the server.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-03-13