Security Vulnerabilities - CVEs Published In November 2018
An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.
CVSS Score
9.0
EPSS Score
0.005
Published
2018-11-01
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.009
Published
2018-11-01
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
CVSS Score
6.5
EPSS Score
0.017
Published
2018-11-01
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.
CVSS Score
7.5
EPSS Score
0.001
Published
2018-11-01
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.
CVSS Score
8.1
EPSS Score
0.015
Published
2018-11-01
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.
CVSS Score
5.6
EPSS Score
0.002
Published
2018-11-01
A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.
CVSS Score
8.6
EPSS Score
0.033
Published
2018-11-01
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
CVSS Score
9.8
EPSS Score
0.003
Published
2018-11-01
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-11-01
MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-11-01