Security Vulnerabilities - CVEs Published In November 2018
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-11-01
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
CVSS Score
9.8
EPSS Score
0.012
Published
2018-11-01
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-11-01
Page 99