Security Vulnerabilities - CVEs Published In April 2018
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.
CVSS Score: 5.5
EPSS Score: 0.002
Published: 2018-04-22

An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-04-22

BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-04-22

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-04-22

An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-04-22

app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.
CVSS Score: 5.4
EPSS Score: 0.002
Published: 2018-04-21

ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
CVSS Score: 6.5
EPSS Score: 0.005
Published: 2018-04-21

CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-04-21

Adaltech G-Ticket v70 EME104 has SQL Injection via the mobile-loja/mensagem.asp eve_cod parameter.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-04-21

Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
CVSS Score: 7.8
EPSS Score: 0.003
Published: 2018-04-21

