Security Vulnerabilities - CVEs Published In October 2018
An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-10-03
SSH host keys generation vulnerability in the server in McAfee Threat Intelligence Exchange Server (TIE Server) 1.3.0, 2.0.x, 2.1.x, 2.2.0 allows man-in-the-middle attackers to spoof servers via acquiring keys from another environment.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-10-03
A potential security vulnerability has been identified with certain HP printers and MFPs in 2405129_000052 and other firmware versions. This vulnerability is known as Cross Site Request Forgery, and could potentially be exploited remotely to allow elevation of privilege.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-10-03
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change.
CVSS Score
9.8
EPSS Score
0.01
Published
2018-10-03
Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/call_details?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-10-03
On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 RunReboot commands without authentication to trigger a reboot.
CVSS Score
7.5
EPSS Score
0.01
Published
2018-10-03
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
CVSS Score
8.8
EPSS Score
0.796
Published
2018-10-03
SQL Injection in login.php in Naviwebs Navigate CMS 2.8 allows remote attackers to bypass authentication via the navigate-user cookie.
CVSS Score
9.8
EPSS Score
0.882
Published
2018-10-03
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-10-03
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
CVSS Score
7.5
EPSS Score
0.04
Published
2018-10-03