Security Vulnerabilities - CVEs Published In September 2017
The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print_is_reach_subtlv().
CVSS Score
9.8
EPSS Score
0.014
Published
2017-09-14
The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in print-chdlc.c:chdlc_print().
CVSS Score
9.8
EPSS Score
0.021
Published
2017-09-14
The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in print-olsr.c:olsr_print().
CVSS Score
9.8
EPSS Score
0.006
Published
2017-09-14
The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:ikev1_id_print().
CVSS Score
9.8
EPSS Score
0.006
Published
2017-09-14
The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c, several functions.
CVSS Score
9.8
EPSS Score
0.006
Published
2017-09-14
The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer over-read in print-rt6.c:rt6_print().
CVSS Score
9.8
EPSS Score
0.021
Published
2017-09-14
GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing winstart-server.vbs with arbitrary VBScript code. For example, a local user could create VBScript code for a TCP reverse shell, and use that later for Remote Command Execution.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-09-14
The IP parser in tcpdump before 4.9.2 has a buffer over-read in print-ip.c:ip_printroute().
CVSS Score
9.8
EPSS Score
0.006
Published
2017-09-14
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
CVSS Score
9.8
EPSS Score
0.006
Published
2017-09-14
The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read in print-mobility.c:mobility_opt_print().
CVSS Score
9.8
EPSS Score
0.021
Published
2017-09-14