Security Vulnerabilities - CVEs Published In 2018
IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. IBM X-Force ID: 145966.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-12-05
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-12-05
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709.
CVSS Score
7.1
EPSS Score
0.004
Published
2018-12-05
IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 147810.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-12-05
IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admin privileges due to the application not validating access permissions. IBM X-Force ID: 153382.
CVSS Score
8.4
EPSS Score
0.0
Published
2018-12-05
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-12-05
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
CVSS Score
9.1
EPSS Score
0.016
Published
2018-12-05
OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive.
CVSS Score
6.5
EPSS Score
0.138
Published
2018-12-05
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
CVSS Score
9.8
EPSS Score
0.355
Published
2018-12-05
HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
CVSS Score
8.1
EPSS Score
0.003
Published
2018-12-05


Shodan ® - All rights reserved