Security Vulnerabilities - CVEs Published In June 2018
An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-26
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270.
CVSS Score
5.8
EPSS Score
0.006
Published
2018-06-26
An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the current page URL.
CVSS Score
6.1
EPSS Score
0.012
Published
2018-06-26
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.
CVSS Score
8.8
EPSS Score
0.019
Published
2018-06-26
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.
CVSS Score
7.5
EPSS Score
0.932
Published
2018-06-26
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Score
4.9
EPSS Score
0.004
Published
2018-06-26
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which causes a denial of service (crash). The crash arises from code inside libdbus-send.so shared object or similar.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-26
There was a Memory Corruption issue discovered in multiple models of Axis IP Cameras which allows remote attackers to cause a denial of service (crash) by sending a crafted command which will result in a code path that calls the UND undefined ARM instruction.
CVSS Score
7.5
EPSS Score
0.012
Published
2018-06-26
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVSS Score
9.8
EPSS Score
0.923
Published
2018-06-26
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVSS Score
9.8
EPSS Score
0.905
Published
2018-06-26