Security Vulnerabilities - CVEs Published In May 2018
Meross MSS110 devices before 1.1.24 contain a TELNET listener providing access for an undocumented admin account with a blank password.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2018-05-02
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to execute unverified code.
CVSS Score: 6.8 | EPSS Score: 0.064 | Published: 2018-05-01
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
CVSS Score: 9.8 | EPSS Score: 0.194 | Published: 2018-05-01
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVSS Score: 8.8 | EPSS Score: 0.026 | Published: 2018-05-01
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2018-05-01
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVSS Score: 8.8 | EPSS Score: 0.008 | Published: 2018-05-01
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
CVSS Score: 8.8 | EPSS Score: 0.028 | Published: 2018-05-01
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-05-01
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
CVSS Score: 8.8 | EPSS Score: 0.021 | Published: 2018-05-01
The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg.
CVSS Score: 7.1 | EPSS Score: 0.0 | Published: 2018-05-01

