Security Vulnerabilities - CVEs Published In August 2018
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers.
CVSS Score
7.8
EPSS Score
0.392
Published
2018-08-15
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-08-15
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.
CVSS Score
6.8
EPSS Score
0.003
Published
2018-08-15
An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-15
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-08-15
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.
CVSS Score
7.5
EPSS Score
0.506
Published
2018-08-15
SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-08-15
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-08-15
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-08-15
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-08-15