Security Vulnerabilities - CVEs Published In March 2018
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
CVSS Score
8.8
EPSS Score
0.012
Published
2018-03-12
The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-03-11
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
CVSS Score
7.5
EPSS Score
0.031
Published
2018-03-11
A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php.
CVSS Score
9.8
EPSS Score
0.076
Published
2018-03-11
The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka AFFLIBv3) through 3.7.16 allows remote attackers to cause a denial of service (segmentation fault) via a corrupt AFF image that triggers an unexpected pagesize value.
CVSS Score
6.5
EPSS Score
0.012
Published
2018-03-11
The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-03-11
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
CVSS Score
8.1
EPSS Score
0.004
Published
2018-03-10
One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via UART pins without any restrictions, which leads to full system compromise and disclosure of user communications.
CVSS Score
6.8
EPSS Score
0.0
Published
2018-03-10
A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. This vulnerability will lead to full system compromise and disclosure of user communications. The foxconn account with an 8-character lowercase alphabetic password can be used.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-03-10
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
CVSS Score
5.5
EPSS Score
0.001
Published
2018-03-10