Security Vulnerabilities - CVEs Published In September 2018
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-22
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-09-21
Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-09-21
Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-09-21
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
CVSS Score
7.6
EPSS Score
0.001
Published
2018-09-21
FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php.
CVSS Score
9.8
EPSS Score
0.049
Published
2018-09-21
An issue was discovered in UCMS 1.4.6. aaddpost.php has stored XSS via the sadmin/aindex.php minfo parameter in a sadmin_aaddpost action.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-21
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.
CVSS Score
9.8
EPSS Score
0.064
Published
2018-09-21
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVSS Score
9.8
EPSS Score
0.783
Published
2018-09-21
A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-09-21