How Secure are our Voting Systems for November 2018?

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2018-0718
PUBLISHED: 2018-09-14

Command injection vulnerability in Music Station 5.1.2 and earlier versions in QNAP QTS 4.3.3 and 4.3.4 could allow remote attackers to run arbitrary commands in the compromised application.

CVE-2018-1719
PUBLISHED: 2018-09-14

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.

CVE-2018-1791
PUBLISHED: 2018-09-14

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to an External Service Interaction attack, caused by improper validation of a request property. By submitting suitable payloads, an attacker could exploit this vulnerability to induce the Connections server to attack other systems. IBM X-Force ID: 1489…

CVE-2018-17044
PUBLISHED: 2018-09-14

In YzmCMS 5.1, stored XSS exists via the admin/system_manage/user_config_add.html title parameter.

CVE-2018-17045
PUBLISHED: 2018-09-14

An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update.
