Security Vulnerabilities - CVEs Published In November 2018
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568.
CVSS Score: 5.9; EPSS Score: 0.002; Published: 2018-11-07

tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2018-11-07

tianti 2.3 has stored XSS in the article management module via an article title.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2018-11-07

tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2018-11-07

An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2018-11-07

An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2018-11-07

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.
CVSS Score: 9.8; EPSS Score: 0.063; Published: 2018-11-07

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to conduct stack-based buffer overflow attacks via the IPv4Address field.
CVSS Score: 9.8; EPSS Score: 0.019; Published: 2018-11-07

WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2018-11-07

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SystemReboot method allows unauthenticated reboot.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2018-11-07



Shodan ® - All rights reserved