Security Vulnerabilities - CVEs Published In September 2018
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
CVSS Score
5.5
EPSS Score
0.004
Published
2018-09-05
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-09-05
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
CVSS Score
5.5
EPSS Score
0.005
Published
2018-09-05
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
CVSS Score
5.5
EPSS Score
0.004
Published
2018-09-05
Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
CVSS Score
9.8
EPSS Score
0.008
Published
2018-09-05
NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0.
CVSS Score
5.3
EPSS Score
0.009
Published
2018-09-05
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.
CVSS Score
9.8
EPSS Score
0.023
Published
2018-09-05
An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-09-05
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-09-05
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.
CVSS Score
4.3
EPSS Score
0.002
Published
2018-09-05