Security Vulnerabilities - CVEs Published In 2018
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-21
atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials.
CVSS Score
9.8
EPSS Score
0.031
Published
2018-12-21
spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials.
CVSS Score
9.8
EPSS Score
0.013
Published
2018-12-21
dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials.
CVSS Score
9.8
EPSS Score
0.012
Published
2018-12-21
CVE-2018-19320
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
Known exploited
CVSS Score
7.8
EPSS Score
0.207
Published
2018-12-21
CVE-2018-19321
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.21
Published
2018-12-21
CVE-2018-19322
The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.04
Published
2018-12-21
CVE-2018-19323
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and write Machine Specific Registers (MSRs).
Known exploited
CVSS Score
9.8
EPSS Score
0.231
Published
2018-12-21
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 (build 9627) 4.2 Release (build 7631). This occurs because appropriate controls are not performed. Specifically, it is possible for a readonly user to change the administrator user password by making a local copy of the /dana-admin/user/update.cgi page, changing the "user" value, and saving the changes.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-12-21
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.
CVSS Score
7.2
EPSS Score
0.005
Published
2018-12-21