Security Vulnerabilities - CVEs Published In 2018
ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c.
CVSS Score: 8.8, EPSS Score: 0.004, Published: 2018-12-31
Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). When the Nashorn script engine is used, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.
CVSS Score: 9.8, EPSS Score: 0.03, Published: 2018-12-31
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c.
CVSS Score: 8.8, EPSS Score: 0.004, Published: 2018-12-31
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c.
CVSS Score: 8.8, EPSS Score: 0.004, Published: 2018-12-31
TEMMOKU T1.09 Beta allows admin/user/add CSRF.
CVSS Score: 8.8, EPSS Score: 0.001, Published: 2018-12-30
public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI.
CVSS Score: 7.5, EPSS Score: 0.006, Published: 2018-12-30
UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action.
CVSS Score: 4.8, EPSS Score: 0.002, Published: 2018-12-30
UCMS 1.4.7 has ?do=user_addpost CSRF.
CVSS Score: 8.8, EPSS Score: 0.001, Published: 2018-12-30
UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadmin_fileedit action.
CVSS Score: 8.8, EPSS Score: 0.009, Published: 2018-12-30
sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action.
CVSS Score: 6.1, EPSS Score: 0.002, Published: 2018-12-30

