Security Vulnerabilities - CVEs Published In July 2019
In Hunesion i-oneNet versions 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, the specific upload web module doesn't verify the file extension and type, and an attacker can upload a webshell. After the webshell upload, an attacker can use the webshell to perform remote code execution such as running a system command.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2019-07-10
In Hunesion i-oneNet versions 3.0.7 ~ 3.0.53 and 4.0.4 ~ 4.0.16, due to the lack of update file integrity checking in the upgrade process, an attacker can craft a malicious file and use it as an update.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2019-07-10
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MTU field to SetWanSettings.
CVSS Score: 8.8 | EPSS Score: 0.09 | Published: 2019-07-10
An issue was discovered on D-Link DIR-818LW devices with firmware 2.06betab01. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings.
CVSS Score: 8.8 | EPSS Score: 0.09 | Published: 2019-07-10
Path traversal vulnerability in versions up to v1.1.3 of the serve-here.js npm module allows attackers to list any file in an arbitrary folder.
CVSS Score: 5.3 | EPSS Score: 0.002 | Published: 2019-07-10
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to crash the SSH CLI interface by using crafted commands.
CVSS Score: 4.9 | EPSS Score: 0.004 | Published: 2019-07-10
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root.
CVSS Score: 7.2 | EPSS Score: 0.009 | Published: 2019-07-10
SAP ERP HCM (SAP_HRCES), version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this, under certain conditions, a user who once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data.
CVSS Score: 4.2 | EPSS Score: 0.002 | Published: 2019-07-10
SAP BusinessObjects Business Intelligence Platform (BI Workspace) (Enterprise), versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-07-10
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2019-07-10

