Security Vulnerabilities - CVEs Published In 2018
A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-11-08
A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and, and gain root access.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-11-08
A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-11-08
A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands.
CVSS Score
8.8
EPSS Score
0.015
Published
2018-11-08
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-11-08
LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file.
CVSS Score
7.8
EPSS Score
0.009
Published
2018-11-08
In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-11-08
In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-11-08
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-11-08
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization check.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-08