Security Vulnerabilities - CVEs Published In August 2018
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.
CVSS Score: 7.5, EPSS Score: 0.003, Published: 2018-08-08
An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products.
CVSS Score: 6.3, EPSS Score: 0.001, Published: 2018-08-08
An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages.
CVSS Score: 6.5, EPSS Score: 0.002, Published: 2018-08-08
ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf.
CVSS Score: 8.8, EPSS Score: 0.006, Published: 2018-08-08
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges.
CVSS Score: 8.8, EPSS Score: 0.001, Published: 2018-08-08
An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user.
CVSS Score: 8.8, EPSS Score: 0.001, Published: 2018-08-08
AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action.
CVSS Score: 5.4, EPSS Score: 0.003, Published: 2018-08-08
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
CVSS Score: 8.6, EPSS Score: 0.003, Published: 2018-08-08
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
CVSS Score: 8.8, EPSS Score: 0.002, Published: 2018-08-08
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.
CVSS Score: 7.8, EPSS Score: 0.002, Published: 2018-08-08