Security Vulnerabilities
- CVEs Published In October 2018
data-tools through 2017-07-26 has an integer overflow leading to an incorrect end value for the write_wchars function.
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
Webiness Inventory 2.3 suffers from an arbitrary file upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter.
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF.
ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file.
An XSS issue was discovered in Catfish CMS 4.8.30, related to "write source code," a similar issue to CVE-2018-13999.
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30.
A CSRF issue was discovered in admin/Index/tiquan in catfish blog 2.0.33.
An XSS issue was discovered in catfish blog 2.0.33, related to "write source code."
An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF.