Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2018
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVSS Score
6.5
EPSS Score
0.043
Published
2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-05-20
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the "burnOverflow" issue.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-05-19
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-05-19
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-05-19
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-05-19
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.023
Published
2018-05-19
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.036
Published
2018-05-19
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.19
Published
2018-05-19
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.452
Published
2018-05-19


Contact Us

Shodan ® - All rights reserved