8419 matches found
Security vulnerabilities fixed in Firefox 66 — Mozilla
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. The type inference system allows the compilation of functions that can cause typ...
Mozilla Firefox < 66.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. - A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some...
Mozilla Firefox < 66.0
The version of Firefox installed on the remote Windows host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. - A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions,...
Microsoft Edge and Microsoft Internet Explorer Security Bypass Vulnerability
Microsoft Edge and Microsoft Internet Explorer (IE) are both products of Microsoft Corporation. Microsoft Edge is a web browser that comes with Windows 10 and later. Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...
Microsoft Browsers Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Site cookie restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploit...
KB4489885: Windows 7 and Windows Server 2008 R2 March 2019 Security Update
The remote Windows host is missing security update 4489885 or cumulative update 4489878. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting fores...
KB4489883: Windows 8.1 and Windows Server 2012 R2 March 2019 Security Update
The remote Windows host is missing security update 4489883 or cumulative update 4489881. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully...
Critical: thunderbird
Issue Overview: A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.4,...
Mozilla Firefox, Firefox ESR and Thunderbird Information Disclosure Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Thunderbird is email client software that supports IMAP, POP mail protocols, and the HTML mail format. A security vulnerability...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
DEBIAN-CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-12402
The internal WebBrowserPersist code does not use correct origin context for a resource being saved. This manifests when sub-resources are loaded as part of "Save Page As..." functionality. For example, a malicious page could recover a visitor's Windows username and NTLM hash by including resource...
CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the JavaScript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
DEBIAN-CVE-2018-18494
A same-origin policy violation allowing the theft of cross-origin URL entries when using the JavaScript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
Cross site scripting
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
Cross site scripting
A same-origin policy violation allowing the theft of cross-origin URL entries when using the JavaScript location property to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
UBUNTU-CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...