6 Eye-Raising Third-Party Breaches

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2018-15189
PUBLISHED: 2018-08-10

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile.

CVE-2018-6553
PUBLISHED: 2018-08-10

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu…

CVE-2018-6556
PUBLISHED: 2018-08-10

lxc-user-nic, when asked to delete a network interface, will unconditionally open a user-provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn’t otherwise be able to reach. It may also be used to trigger side effects by causing a (read…

CVE-2018-10769
PUBLISHED: 2018-08-10

The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other to…

CVE-2018-13390
PUBLISHED: 2018-08-10

Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users’ roles.
