Security Vulnerabilities - CVEs Published In August 2018
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
CVSS Score
9.8
EPSS Score
0.772
Published
2018-08-29
A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.
CVSS Score
7.5
EPSS Score
0.079
Published
2018-08-29
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
CVSS Score
5.3
EPSS Score
0.179
Published
2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
CVSS Score
9.8
EPSS Score
0.173
Published
2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
7.5
EPSS Score
0.021
Published
2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
7.5
EPSS Score
0.302
Published
2018-08-29
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
CVSS Score
9.8
EPSS Score
0.173
Published
2018-08-29
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.
CVSS Score
9.8
EPSS Score
0.025
Published
2018-08-29
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
CVSS Score
7.5
EPSS Score
0.221
Published
2018-08-29
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
CVSS Score
7.8
EPSS Score
0.032
Published
2018-08-29

