Security Vulnerabilities - CVEs Published In 2018
The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2018-11-08
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier.
CVSS Score: 5.9 | EPSS Score: 0.006 | Published: 2018-11-07
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is a variant of CVE-2006-4340.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2018-11-07
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation through fake X.509 certificates. This is an even more permissive variant of CVE-2006-4790 and CVE-2014-1568.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2018-11-07
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-11-07
tianti 2.3 has stored XSS in the article management module via an article title.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-11-07
tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-11-07
An issue was discovered in YzmCMS v5.2. It has XSS via a search/index/archives/pubtime/ query string, as demonstrated by the search/index/archives/pubtime/1526387722/page/1.html URI. NOTE: this does not obtain a user's cookie.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-11-07
An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it requires incorrect usage of the client_example_control program.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-11-07
An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.
CVSS Score: 9.8 | EPSS Score: 0.063 | Published: 2018-11-07

