CVE-2018-8920

Description:
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format.

CWE: CWE-116 CWE-787

CVSS score
CVSS 2: MEDIUM – 6.5 (Version: 2.0)
CVSS 3: HIGH – 7.2 (Version: 3.1)

Links:

NVD – CVE-2018-8920
CVE – CVE-2018-8920

Link (max. 20) Source Tags
https://www.synology.com/security/advisory/Synology_SA_18_14 CONFIRM Vendor Advisory Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/150600/Rockwell-Automation-Allen-Bradley-PowerMonitor-1000-XSS.html MISC Exploit Third Party Advisory VDB Entry
106333 BID Third Party Advisory VDB Entry VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-050-04 MISC US Government Resource Third Party Advisory VDB Entry
108538 BID
https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf CONFIRM
DSA-4456 DEBIAN
20190605 [SECURITY] [DSA 4456-1] exim4 security update BUGTRAQ
GLSA-201906-01 GENTOO
[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit MLIST
108679 BID
openSUSE-SU-2019:1524 SUSE
http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html MISC
20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149) FULLDISC
http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html MISC
[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2 MLIST
[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2 MLIST
[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2 MLIST
http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html MISC
[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim MLIST

Source: NVD – CVE-2018-8920
Publication date: 2018-12-24T15:29Z, date last modified: 2021-05-12T14:15Z