CVE-2018-4872

CRITICAL Year: 2018
CVSS v3 Score
10.0
Critical
CVSS v2 Score
10.0
Critical
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.

Related Vulnerabilities

CVE-2015-7930

CRITICAL
CVSS:10.0(Critical)

Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.

NVD-CWE-Other2015

CVE-2016-1343

CRITICAL
CVSS:10.0(Critical)

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in con...

NVD-CWE-Other2016

CVE-2016-20010

CRITICAL
CVSS:10.0(Critical)

EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.

NVD-CWE-Other2016

CVE-2016-4787

CRITICAL
CVSS:10.0(Critical)

Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directo...

NVD-CWE-Other2016

CVE-2017-10137

CRITICAL
CVSS:10.0(Critical)

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JNDI). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability...

NVD-CWE-Other2017

CVE-2017-10151

CRITICAL
CVSS:10.0(Critical)

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exp...

NVD-CWE-Other2017