Security Vulnerabilities - CVEs Published In November 2018
SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail search.
CVSS Score
8.8
EPSS Score
0.008
Published
2018-11-15
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified vectors.
CVSS Score
8.8
EPSS Score
0.01
Published
2018-11-15
Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-11-15
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.
CVSS Score
7.5
EPSS Score
0.005
Published
2018-11-15
Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App for Android prior to version 1.0.6, and KDDI +Message App for iOS prior to version 1.1.23) do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
5.9
EPSS Score
0.001
Published
2018-11-15
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-11-15
Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-15
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
CVSS Score
6.5
EPSS Score
0.011
Published
2018-11-15
The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-15
XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php (aka submissions page) begin_date, end_date, or form_id parameter.
CVSS Score
6.1
EPSS Score
0.195
Published
2018-11-15