Security Vulnerabilities - CVEs Published In April 2018
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-04-16
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-16
Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-04-16
Untrusted search path vulnerability in The installer of PhishWall Client Internet Explorer edition Ver. 3.7.15 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-04-16
Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-04-16
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-04-16
The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directly by an administrator, or through CSRF.
CVSS Score
7.2
EPSS Score
0.007
Published
2018-04-16
Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. The component must be accessed directly by an administrator, or through CSRF.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-16
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-04-16
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-04-16