High – Axxon patch card drivers will be labeled High severity if they have a CVSS base score of 7. Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0. Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. PHP Scripts Mall Alibaba Clone Script 1.
2 via a User Profile Field parameter. PHP Scripts Mall Learning and Examination Management System Script 2. 00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. The Pictview image processing library embedded in the ActivePDF toolkit through 2018.
18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images. An issue was discovered in Adobe Acrobat Reader 2018. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution.
TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack. TTF font processing in the XPS module. This vulnerability is a security bypass vulnerability that leads to a sandbox escape.