Security Vulnerabilities - CVEs Published In October 2018
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-10-11
On install, Dell Encryption versions prior to 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior to 2.0.1 will overwrite and manually set the "Minimum Password Length" group policy object to a value of 1 on that device. This allows users to bypass any existing policy for password length and potentially create insecure passwords on their device. This value is defined during the installation of the "Encryption Management Agent" or "EMAgent" application. There are no other known values modified.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-10-11
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-10-11
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
CVSS Score
9.8
EPSS Score
0.932
Published
2018-10-11
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-11
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-10-11
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-10-11
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as passwords through the WebUI. IBM X-Force ID: 146343.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-10-11
IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force ID: 147439.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-10-11
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.
CVSS Score
7.1
EPSS Score
0.001
Published
2018-10-11

