Security Vulnerabilities - CVEs Published In June 2018
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise.
CVSS Score
6.8
EPSS Score
0.0
Published
2018-06-12
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices.
CVSS Score
6.7
EPSS Score
0.001
Published
2018-06-12
An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root.
CVSS Score
4.4
EPSS Score
0.001
Published
2018-06-12
Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid.
CVSS Score
5.3
EPSS Score
0.001
Published
2018-06-12
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
CVSS Score
4.4
EPSS Score
0.011
Published
2018-06-12
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.
CVSS Score
8.8
EPSS Score
0.006
Published
2018-06-12
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-06-12
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allows unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.
CVSS Score
9.8
EPSS Score
0.263
Published
2018-06-12
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-06-12
Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into a user-mode process.
CVSS Score
7.1
EPSS Score
0.0
Published
2018-06-12



Shodan ® - All rights reserved