Security Vulnerabilities - CVEs Published In May 2018
DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-05-30
The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-05-29
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-05-29
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-05-29
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-05-29
An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-05-29
An issue was discovered in WUZHI CMS 4.1.0. There is a Stored XSS vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-05-29
roslib-socketio is a fork of the standard ROS JavaScript library that adds support for socket.io. roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.008
Published
2018-05-29
massif is a PhantomJS fork. massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.008
Published
2018-05-29
mystem-fix is a Node.js wrapper for the MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.008
Published
2018-05-29

