Security Vulnerabilities - CVEs Published In July 2018
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-07-20
An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection.
CVSS Score
7.2
EPSS Score
0.006
Published
2018-07-20
IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote authenticated attacker to obtain sensitive information displayed in the URL that could lead to further attacks against the system. IBM X-Force ID: 140688.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-07-20
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967.
CVSS Score
5.4
EPSS Score
0.021
Published
2018-07-20
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow a local user with administrator privileges to obtain user passwords found in debugging messages. IBM X-Force ID: 142968.
CVSS Score
4.4
EPSS Score
0.0
Published
2018-07-20
IBM Sterling B2B Integrator Standard Edition 5.2 through 5.2.6 could allow an unauthenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 145180.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-07-20
An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in gig::File::UpdateChunks in gig.cpp.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-07-20
An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-07-20
An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-07-20
An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-07-20

