Security Vulnerabilities - CVEs Published In July 2018
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
CVSS Score
8.1
EPSS Score
0.004
Published
2018-07-17
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-07-17
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.
CVSS Score
4.7
EPSS Score
0.0
Published
2018-07-17
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-07-17
TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain sensitive information by leveraging an unattended workstation on which TeamViewer has disconnected but remains running.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-07-17
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-07-17
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
7.2
EPSS Score
0.754
Published
2018-07-17
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.681
Published
2018-07-17
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.421
Published
2018-07-17
Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS Score
8.8
EPSS Score
0.212
Published
2018-07-17