Lucene search
K

6028 matches found

OSV
OSV
added 2018/03/27 12:0 a.m.2 views

UBUNTU-CVE-2018-5148

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.7.3 and Firefox 59.0.2...

9.8CVSS7.1AI score0.03013EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/03/15 11:6 a.m.5 views

Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07)

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR 52.7 and Thunderbird 52.7...

9.8CVSS7.4AI score0.02971EPSS
Exploits0References5
OSV
OSV
added 2018/03/14 12:0 a.m.3 views

UBUNTU-CVE-2018-5130

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR 52.7 and Firefox 59...

8.8CVSS7.2AI score0.02393EPSS
Exploits0References4
OSV
OSV
added 2018/03/14 12:0 a.m.3 views

UBUNTU-CVE-2018-5129

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird 52.7, Firefox ESR 52.7, and Firefox 59...

8.6CVSS7.2AI score0.03045EPSS
Exploits2References5
OSV
OSV
added 2018/03/01 5:29 a.m.9 views

AZL-6824 CVE-2017-18207 affecting package python2 for versions less than 2.7.18-8

The Waveread.readfmtchunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service divide-by-zero and exception via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications...

6.5CVSS6.7AI score0.01348EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/24 12:0 a.m.4 views

FreeXL heap buffer out-of-bounds read vulnerability (CNVD-2018-05154)

FreeXL is an open source library for extracting valid data from Excel .xls spreadsheets developed by software developer Alessandro Furieri. A heap buffer out-of-bounds read vulnerability exists in the 'parseSST' function in versions of FreeXL prior to 1.0.5. An attacker can exploit this...

8.8CVSS6.8AI score0.02176EPSS
Exploits1References1
CNVD
CNVD
added 2018/02/07 12:0 a.m.4 views

Suricata HTTP Inspection Bypass Vulnerability

Suricata is a set of network intrusion detection system IDS, intrusion prevention system IPS and network security monitoring engine developed by the Open Information Security Foundation OISF and its supported vendors, which supports multi-threading, built-in IPv6, and the ability to load...

5.3CVSS6.8AI score0.24712EPSS
Exploits4References1
OSV
OSV
added 2018/01/25 2:29 p.m.4 views

CVE-2018-4837

A vulnerability has been identified in TeleControl Server Basic V3.1. An attacker with access to the TeleControl Server Basic's webserver port 80/tcp or 443/tcp could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected...

7.5CVSS5.7AI score0.02664EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/01/24 10:5 a.m.5 views

Mozilla: Use-after-free with widget listener (MFSA 2018-03)

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefo...

9.8CVSS7.3AI score0.03066EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/01/24 10:5 a.m.6 views

Mozilla: Use-after-free while editing form elements (MFSA 2018-03)

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

9.8CVSS7.4AI score0.02997EPSS
Exploits0References5
CNVD
CNVD
added 2018/01/24 12:0 a.m.10 views

Unspecified Vulnerability in JBMC DirectAdmin

JBMC DirectAdmin is a server visual management panel from JBMC Software Canada. A security vulnerability exists in JBMC DirectAdmin versions prior to 1.52. A remote attacker can exploit this vulnerability by sending a request to gain access or cause a denial of service segmentation error...

9.8CVSS7AI score0.01393EPSS
Exploits0References1
OSV
OSV
added 2018/01/23 12:0 a.m.3 views

UBUNTU-CVE-2018-5111

When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify of another site. This vulnerability affects...

6.5CVSS6.8AI score0.01601EPSS
Exploits0References4
CNVD
CNVD
added 2017/12/25 12:0 a.m.3 views

Auth0 passport-wsfed-saml2 elevation of privilege vulnerability

Auth0 passport-wsfed-saml2 library is a set of Auth0 development platform of the United States Auth0 company's tool library . A security vulnerability exists in Auth0 passport-wsfed-saml2 library versions prior to 3.0.5. An attacker can exploit the vulnerability to spoof other users and potential...

9.3CVSS6.8AI score0.01378EPSS
Exploits0References1
OSV
OSV
added 2017/11/15 12:0 a.m.2 views

UBUNTU-CVE-2017-7835

Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...

7.3CVSS7.1AI score0.01522EPSS
Exploits0References4
OSV
OSV
added 2017/11/15 12:0 a.m.2 views

UBUNTU-CVE-2017-7827

Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 57...

9.8CVSS7.4AI score0.0274EPSS
Exploits0References4
OSV
OSV
added 2017/11/15 12:0 a.m.6 views

UBUNTU-CVE-2017-7838

Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited...

5.3CVSS6.8AI score0.01471EPSS
Exploits0References4
CNVD
CNVD
added 2017/11/14 12:0 a.m.5 views

Symantec Endpoint Encryption Denial of Service Vulnerability (CNVD-2017-36540)

Symantec Endpoint Encryption SEE is a suite of software from Symantec Corporation that provides advanced encryption and management capabilities for desktops, laptops, and removable storage devices. A security vulnerability exists in Symantec Endpoint Encryption in versions prior to SEE 11.1.3MP1...

6.8CVSS6.7AI score0.00333EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2017/10/23 12:0 a.m.6 views

CVE-2017-9947

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server 80/tcp and 443/tcp to obtain information on the structure o...

6.5AI score0.07284EPSS
Exploits4References4
OSV
OSV
added 2017/10/13 5:29 p.m.7 views

CVE-2017-6223

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating...

8.8CVSS6AI score0.0172EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/08/24 6:45 a.m.8 views

Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)

An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.1CVSS7.3AI score0.03186EPSS
Exploits1References5
Rows per page
Query Builder