Security Vulnerabilities - CVEs Published In November 2018
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
CVSS Score
8.8
EPSS Score
0.012
Published
2018-11-16
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-15
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVSS Score
4.7
EPSS Score
0.003
Published
2018-11-15
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-11-15
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-11-15
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVSS Score
7.2
EPSS Score
0.004
Published
2018-11-15
The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-11-15
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affects Team.
CVSS Score
9.8
EPSS Score
0.357
Published
2018-11-15