Lucene search
K

6025 matches found

RedHat Linux
RedHat Linux
added 2018/05/24 7:59 p.m.8 views

Mozilla: Encrypted mail leaks plaintext through src attribute

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

7.5CVSS7.4AI score0.0198EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/05/24 7:31 p.m.6 views

Mozilla: Hang via malformed headers

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

4.3CVSS7.4AI score0.02079EPSS
Exploits0References5
OSV
OSV
added 2018/05/23 12:0 a.m.4 views

UBUNTU-CVE-2018-5185

Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

6.5CVSS7.3AI score0.01558EPSS
Exploits0References4
OSV
OSV
added 2018/05/23 12:0 a.m.3 views

UBUNTU-CVE-2018-5161

Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...

4.3CVSS7.3AI score0.02079EPSS
Exploits0References4
OSV
OSV
added 2018/05/19 5:29 p.m.4 views

CVE-2018-4927

Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation...

7.8CVSS5.8AI score0.03652EPSS
Exploits0References2
OSV
OSV
added 2018/05/17 2:29 p.m.5 views

AZL-40842 CVE-2018-7159 affecting package rubygem-http_parser for versions less than 0.8.0-1

The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been...

5.3CVSS6.5AI score0.03621EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/16 12:0 a.m.3 views

ASUS RT-AC1200HP Cross-Site Scripting Vulnerability

ASUS RT-AC1200HP is a wireless router product from ASUS. A cross-site scripting vulnerability exists in the ASUS RT-AC1200HP using firmware versions prior to 3.0.0.4.380.4180. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.00899EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/05/14 2:48 p.m.5 views

Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...

7.5CVSS7.2AI score0.01636EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/05/14 2:48 p.m.5 views

Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and...

8.1CVSS7.5AI score0.05057EPSS
Exploits1References5
OSV
OSV
added 2018/05/11 12:0 a.m.1 views

UBUNTU-CVE-2018-5151

Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 60...

9.8CVSS7.4AI score0.02756EPSS
Exploits0References4
OSV
OSV
added 2018/05/11 12:0 a.m.4 views

UBUNTU-CVE-2018-5166

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox 60...

7.5CVSS7.2AI score0.02433EPSS
Exploits0References4
OSV
OSV
added 2018/05/11 12:0 a.m.2 views

UBUNTU-CVE-2018-5164

Content Security Policy CSP is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting XSS and other attacks. This vulnerability affects Firefox 60...

6.1CVSS6.8AI score0.01596EPSS
Exploits0References4
OSV
OSV
added 2018/04/26 5:29 a.m.10 views

AZL-7277 CVE-2018-10393 affecting package libvorbis for versions less than 1.3.7-1

barknoisehybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read...

7.5CVSS7AI score0.024EPSS
Exploits0References1
OSV
OSV
added 2018/04/05 9:29 p.m.4 views

CVE-2017-12090

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle...

7.5CVSS5.8AI score0.0362EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2018/04/05 8:7 p.m.5 views

Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 52.7 and Thunderbird 52.7...

9.8CVSS7.4AI score0.02971EPSS
Exploits0References5
OSV
OSV
added 2018/03/30 7:29 p.m.2 views

DEBIAN-CVE-2018-3741

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

6.1CVSS5.5AI score0.01289EPSS
Exploits0References1
OSV
OSV
added 2018/03/30 7:29 p.m.3 views

UBUNTU-CVE-2018-3741

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

6.1CVSS6.5AI score0.01289EPSS
Exploits0References3
OSV
OSV
added 2018/03/27 12:0 a.m.1 views

UBUNTU-CVE-2018-5148

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...

9.8CVSS7.1AI score0.03013EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/03/15 11:6 a.m.5 views

Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 52.7 and Thunderbird 52.7...

9.8CVSS7.4AI score0.02971EPSS
Exploits0References5
OSV
OSV
added 2018/03/14 12:0 a.m.3 views

UBUNTU-CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

8.6CVSS7.2AI score0.03045EPSS
Exploits2References5
Rows per page
Query Builder