Security Vulnerabilities - CVEs Published In November 2018
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-11-28
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-11-28
Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710.
CVSS Score
7.7
EPSS Score
0.006
Published
2018-11-27
There is an information leak vulnerability in some Huawei smartphones. An attacker may do some specific configuration in the smartphone and trick a user into inputting some sensitive information. Due to improper design, successful exploit may cause some information leak.
CVSS Score
4.3
EPSS Score
0.0
Published
2018-11-27
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information.
CVSS Score
7.4
EPSS Score
0.002
Published
2018-11-27
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-11-27
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause sensitive information leak.
CVSS Score
7.4
EPSS Score
0.001
Published
2018-11-27
There is a smart SMS verification code vulnerability in some Huawei smart phones. An attacker should trick a user to access malicious Website or malicious App and register. Due to incorrect processing of the smart SMS verification code, successful exploitation can cause sensitive information leak.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-27
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-11-27
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series of specific operations. Successful exploit could allow the attacker bypass the FRP protection.
CVSS Score
4.6
EPSS Score
0.0
Published
2018-11-27