Security Vulnerabilities - CVEs Published In June 2017
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution.
CVSS Score: 9.8 | EPSS Score: 0.079 | Published: 2017-06-20
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution.
CVSS Score: 9.8 | EPSS Score: 0.086 | Published: 2017-06-20
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code execution.
CVSS Score: 9.8 | EPSS Score: 0.079 | Published: 2017-06-20
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. Successful exploitation could lead to arbitrary code execution.
CVSS Score: 9.8 | EPSS Score: 0.233 | Published: 2017-06-20
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
CVSS Score: 9.8 | EPSS Score: 0.152 | Published: 2017-06-20
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
CVSS Score: 9.8 | EPSS Score: 0.09 | Published: 2017-06-20
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
CVSS Score: 9.8 | EPSS Score: 0.428 | Published: 2017-06-20
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
CVSS Score: 7.5 | EPSS Score: 0.719 | Published: 2017-06-20
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
CVSS Score: 9.8 | EPSS Score: 0.337 | Published: 2017-06-20
The Milwaukee ONE-KEY Android mobile application stores the master token in plaintext in the apk binary.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2017-06-20

