Security Vulnerabilities - CVEs Published In 2018
ThinkCMF X2.2.2 has SQL Injection via the method edit_post in ArticleController.class.php and is exploitable by normal authenticated users via the post[id][1] parameter in an article edit_post action.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-12-06
DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field.
CVSS Score
4.8
EPSS Score
0.014
Published
2018-12-06
SearchController.php in PbootCMS 1.2.1 has SQL injection via the index.php/Search/index.html query string.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-12-06
In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-12-06
In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.
CVSS Score
5.5
EPSS Score
0.003
Published
2018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-12-06