Security Vulnerabilities - CVEs Published In July 2018
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-07-12
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-07-12
In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-07-12
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Weak permissions allow an authenticated user to overwrite critical files by abusing the unrestricted file upload in the WBM.
CVSS Score
6.5
EPSS Score
0.078
Published
2018-07-12
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server.
CVSS Score
8.8
EPSS Score
0.103
Published
2018-07-12
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending special crafted requests to the web server allowing injecting code within the WBM. The code will be rendered and/or executed in the browser of the user's browser.
CVSS Score
5.4
EPSS Score
0.026
Published
2018-07-12
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-07-12
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS Score
5.5
EPSS Score
0.006
Published
2018-07-12
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS Score
5.5
EPSS Score
0.006
Published
2018-07-12
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-07-12