Security Vulnerabilities - CVEs Published In August 2018
An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2018-08-25
An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2018-08-25
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2018-08-25
Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2018-08-25
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2018-08-25
Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2018-08-25
An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2018-08-25
An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2018-08-25
WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2018-08-25
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
CVSS Score: 4.8 | EPSS Score: 0.002 | Published: 2018-08-25

