Security Vulnerabilities - CVEs Published In September 2018
Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.048
Published
2018-09-26
Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.033
Published
2018-09-26
Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.032
Published
2018-09-26
Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.033
Published
2018-09-26
Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVSS Score
9.8
EPSS Score
0.048
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score
7.5
EPSS Score
0.022
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.034
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.
CVSS Score
8.8
EPSS Score
0.01
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-09-26