Security Vulnerabilities - CVEs Published In June 2018
Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-06-26
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
CVSS Score
7.5
EPSS Score
0.063
Published
2018-06-26
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information.
CVSS Score
7.2
EPSS Score
0.019
Published
2018-06-26
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
7.4
EPSS Score
0.001
Published
2018-06-26
Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-06-26
Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-06-26
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
CVSS Score
3.8
EPSS Score
0.001
Published
2018-06-26
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site user via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-26
Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-06-26
baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site user via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-26