Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2018
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_host_2g isolate.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-09-13
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-09-13
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp.
CVSS Score
6.5
EPSS Score
0.008
Published
2018-09-13
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
CVSS Score
7.8
EPSS Score
0.006
Published
2018-09-13
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-09-13
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-09-13
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
CVSS Score
7.8
EPSS Score
0.006
Published
2018-09-13
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-09-13
HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types.
CVSS Score
8.8
EPSS Score
0.018
Published
2018-09-13
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an unauthenticated attacker to obtain sensitive information from error messages. IBM X-Force ID: 145967.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-09-13


Contact Us

Shodan ® - All rights reserved