Security Vulnerabilities - CVEs Published In May 2019
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure .
CVSS Score
7.5
EPSS Score
0.024
Published
2019-05-23
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS Score
9.8
EPSS Score
0.076
Published
2019-05-23
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS Score
9.8
EPSS Score
0.042
Published
2019-05-23
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
CVSS Score
9.8
EPSS Score
0.042
Published
2019-05-23
b2evolution 6.7.6 suffer from an Object Injection vulnerability in /htsrv/call_plugin.php.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-05-23
In libwebp 0.5.1, there is a double free bug in libwebpmux.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-05-23
Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-05-23
An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request.
CVSS Score
5.3
EPSS Score
0.011
Published
2019-05-23
An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack.
CVSS Score
7.5
EPSS Score
0.079
Published
2019-05-23
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application.
CVSS Score
5.4
EPSS Score
0.018
Published
2019-05-23