Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2018
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.088
Published
2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.098
Published
2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
8.8
EPSS Score
0.088
Published
2018-07-20
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.
CVSS Score
6.1
EPSS Score
0.022
Published
2018-07-20
XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-07-20
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-07-20
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) caches usernames and passwords in browsers that could be used by a local attacker to obtain sensitive information. IBM X-Force ID: 130812.
CVSS Score
2.4
EPSS Score
0.001
Published
2018-07-20
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) uses weaker than expected cryptographic algorithms that could allow a local attacker to decrypt highly sensitive information. IBM X-Force ID: 132032.
CVSS Score
5.1
EPSS Score
0.0
Published
2018-07-20
IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180.
CVSS Score
4.3
EPSS Score
0.003
Published
2018-07-20
IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-07-20


Contact Us

Shodan ® - All rights reserved