Security Vulnerabilities - CVEs Published In September 2018
IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.
CVSS Score
6.2
EPSS Score
0.0
Published
2018-09-10
Monit before version 5.20.0 is vulnerable to a cross-site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-09-10
It was found that Kubernetes as used by OpenShift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-09-10
A flaw was found in the Linux kernel where an attacker may be able to perform an uncontrolled read of kernel memory from within a VM guest. A race condition between the connect() and close() functions may allow an attacker using the AF_VSOCK protocol to gather a 4-byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.
CVSS Score
5.3
EPSS Score
0.0
Published
2018-09-10
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.
CVSS Score
7.2
EPSS Score
0.005
Published
2018-09-10
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via the admin/index.php?id=users&action=edit&user_id=1 URI, an Insecure Direct Object Reference (IDOR).
CVSS Score
8.8
EPSS Score
0.003
Published
2018-09-10
A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small Data_Chunk_Size value.
CVSS Score
7.8
EPSS Score
0.016
Published
2018-09-10
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
CVSS Score
8.1
EPSS Score
0.005
Published
2018-09-10
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the site name in the "Categories" menu.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-10
wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-10

