4372 matches found

OSV
added 2018/06/11 9:29 p.m. · 1 views

DEBIAN-CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

9.8 CVSS · 9.2 AI score · 0.02344 EPSS
Exploits 0 · References 1

Prion
added 2018/06/11 9:29 p.m. · 17 views

Design/Logic Flaw

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox 58...

7.5 CVSS · 9 AI score · 0.0184 EPSS
Exploits 0 · References 5 · Affected Software 2

Prion
added 2018/06/11 9:29 p.m. · 25 views

Design/Logic Flaw

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

7.5 CVSS · 9 AI score · 0.02344 EPSS
Exploits 0 · References 12 · Affected Software 10

Prion
added 2018/06/11 9:29 p.m. · 18 views

Design/Logic Flaw

Under certain circumstances the "fetch" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessib...

4.3 CVSS · 6.3 AI score · 0.02323 EPSS
Exploits 0 · References 11 · Affected Software 9

CVE
added 2018/06/11 9:0 p.m. · 134 views

CVE-2018-5092

CVE-2018-5092 is a use-after-free in Firefox related to Web Workers. Affected product: Mozilla Firefox (pre-58 versions). Description: the Web Worker thread may be freed from memory prematurely during fetch cancellation, causing memory safety issues. Impact stated in sources is memory safety risk...

9.8 CVSS · 8.8 AI score · 0.0184 EPSS
Exploits 0 · References 5 · Affected Software 1

CVE
added 2018/06/11 9:0 p.m. · 171 views

CVE-2018-5131

CVE-2018-5131 affects Mozilla Firefox (ESR < 52.7 and Firefox

5.9 CVSS · 6.3 AI score · 0.02323 EPSS
Exploits 0 · References 11 · Affected Software 1

CVE
added 2018/06/11 9:0 p.m. · 179 views

CVE-2017-7793

CVE-2017-7793 is a use-after-free in Thunderbird/Fetch API where the worker or window is freed while in use, leading to a potentially exploitable crash. Public details reference Thunderbird

9.8 CVSS · 8.1 AI score · 0.02344 EPSS
Exploits 0 · References 12 · Affected Software 1

Cvelist
added 2018/06/11 9:0 p.m. · 23 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

8.3 AI score · 0.02344 EPSS
Exploits 0 · References 12

Debian CVE
added 2018/06/11 9:0 p.m. · 23 views

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...

9.8 CVSS · 9.9 AI score · 0.02344 EPSS
Exploits 0

Debian CVE
added 2018/06/11 9:0 p.m. · 20 views

CVE-2018-5092

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox 58...

9.8 CVSS · 9.6 AI score · 0.0184 EPSS
Exploits 0

Cvelist
added 2018/06/08 6:0 p.m. · 19 views

CVE-2018-4190

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote...

7.6 AI score · 0.03582 EPSS
Exploits 0 · References 8

OSV
added 2018/06/04 7:29 p.m. · 10 views

CVE-2017-16040

gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the...

8.1 CVSS · 6.3 AI score · 0.01682 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2018/05/02 12:0 a.m. · 236 views

EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1118)

According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the...

9.8 CVSS · 8.2 AI score · 0.12054 EPSS
Exploits 3 · References 10

Tenable Nessus
added 2018/05/02 12:0 a.m. · 23 views

EulerOS 2.0 SP1 : firefox (EulerOS-SA-2018-1117)

According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the...

9.8 CVSS · 8.1 AI score · 0.12054 EPSS
Exploits 3 · References 9

OSV
added 2018/04/24 7:29 p.m. · 4 views

CVE-2016-9038

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special...

7.8 CVSS · 6.1 AI score · 0.00313 EPSS
Exploits 2 · References 2

CVE
added 2018/04/24 7:0 p.m. · 55 views

CVE-2016-9038

CVE-2016-9038 : A double-fetch race condition exists in the Invincea-X (Dell Protected Workspace) SboxDrv.sys driver (version 6.1.3-24058). The vulnerability stems from reading a user-supplied pointer to a driver-version buffer twice: first via ProbeForWrite and then again during memcpy, using in...

7.8 CVSS · 7.6 AI score · 0.00313 EPSS
Exploits 2 · References 2 · Affected Software 1

Cvelist
added 2018/04/24 7:0 p.m. · 33 views

CVE-2016-9038

An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special...

7.8 CVSS · 7.7 AI score · 0.00313 EPSS
Exploits 2 · References 2

Positive Technologies
added 2018/04/24 12:0 a.m. · 7 views

PT-2018-5057 · Invincea · Invincea-X

Name of the Vulnerable Software and Affected Versions: Invincea-X version 6.1.3-24058 Description: A double fetch vulnerability exists in the SboxDrv.sys driver functionality. This issue can be triggered by a specially crafted input buffer and a race condition, resulting in kernel memory...

7.8 CVSS · 7.5 AI score · 0.00313 EPSS
Exploits 2 · References 3

CNVD
added 2018/04/23 12:0 a.m. · 1 views

Multiple Apple products WebKit homology policy bypass vulnerability (CNVD-2018-09811)

Apple iOS, iCloud for Windows, iTunes for Windows, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. WebKit is an open source web...

6.5 CVSS · 8.4 AI score · 0.03137 EPSS
Exploits 0 · References 1

UbuntuCve
added 2018/04/18 7:29 p.m. · 28 views

CVE-2018-1000161

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against...

5.7 CVSS · 6.1 AI score · 0.01045 EPSS
Exploits 0 · References 1