Security Vulnerabilities - CVEs Published In April 2018
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.
CVSS Score
9.8
EPSS Score
0.471
Published
2018-04-19
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
CVSS Score
9.8
EPSS Score
0.301
Published
2018-04-19
A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
CVSS Score
9.8
EPSS Score
0.361
Published
2018-04-19
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled, the telnet session requires no password and provides root access.
CVSS Score
7.5
EPSS Score
0.172
Published
2018-04-19
Kaspersky Password Manager versions before 8.0.6.538 allow unauthorized code execution from a specific DLL, an attack known as DLL hijacking.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-04-19
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
CVSS Score
5.5
EPSS Score
0.0
Published
2018-04-19
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-04-19
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-04-19
Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-04-19
An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS vulnerability that can steal the administrator cookies via the tag[tag] parameter to the index.php?m=tags&f=index&v=add&&_su=wuzhicms URI. After a website editor (whose privilege is lower than the administrator) logs in, he can add a new TAGS with the XSS payload.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-19

