Security Vulnerabilities - CVEs Published In July 2018
An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-07-01
OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-07-01
OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-07-01
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-07-01
The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-07-01
ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-07-01
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm.
CVSS Score
5.5
EPSS Score
0.015
Published
2018-07-01
Page 217