Security Vulnerabilities - CVEs Published In 2018
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-12-23
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-12-23
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-12-23
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET /login.html__passwd2" and so on.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2018-12-23
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-12-23
Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2018-12-23
The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2018-12-22
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVSS Score: 6.5 | EPSS Score: 0.009 | Published: 2018-12-22
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2018-12-22
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
CVSS Score: 6.5 | EPSS Score: 0.01 | Published: 2018-12-22