CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox 69, Thunderbird 68.1, Thunderbird 60.9, Firefox ESR 60.9, and Firefox ESR 68.1...

7.5CVSS9.1AI score0.0066EPSS

Exploits0References17

RedhatCVE•added 2020/04/06 5:7 p.m.•32 views

CVE-2019-11746

8.8CVSS2.1AI score0.0066EPSS

Exploits0References4

OSV•added 2019/09/27 6:15 p.m.•3 views

CVE-2019-11746

8.8CVSS8.7AI score

Exploits0References12

OSV•added 2019/09/27 6:15 p.m.•1 views

DEBIAN-CVE-2019-11746

8.8CVSS8.4AI score0.0066EPSS

Exploits0References1

Cvelist•added 2019/09/27 5:16 p.m.•15 views

CVE-2019-11746

8.9AI score0.0066EPSS

Exploits0References12

CVE•added 2019/09/27 5:16 p.m.•300 views

CVE-2019-11746

CVE-2019-11746 is a use-after-free in video element handling that can cause a crash. Public sources in connected advisories confirm impact on Firefox versions below 69, Thunderbird <68.1 and <60.9 (and ESR branches

8.8CVSS8.8AI score0.0066EPSS

Exploits0References12Affected Software3

Veracode•added 2019/09/11 12:6 a.m.•33 views

Use-After-Free

firefox is vulnerable to use-after-free. The vulnerability exists due to the manipulating video elements which allows an attacker to do a potentially exploitable crash in the application...

8.8CVSS8.9AI score0.0066EPSS

Exploits0References15Affected Software5

OSV•added 2018/07/23 8:29 a.m.•0 views

CVE-2018-14527

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...

6.1CVSS5.8AI score0.0024EPSS

Exploits1References1

Prion•added 2018/07/23 8:29 a.m.•10 views

Cross site scripting

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...

4.3CVSS6AI score0.0024EPSS

Exploits1References1Affected Software1

Cvelist•added 2018/07/23 8:0 a.m.•10 views

CVE-2018-14527

Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements...

6.1AI score0.0024EPSS

Exploits1References1

Tenable Nessus•added 2018/02/12 12:0 a.m.•24 views

FreeBSD : mpv -- arbitrary code execution via crafted website (3ee6e521-0d32-11e8-99b0-d017c2987f9a)

mpv developers report : mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted website, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an...

8.8CVSS8.2AI score0.01075EPSS

Exploits1References3

OSV•added 2018/01/28 2:29 a.m.•1 views

DEBIAN-CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8CVSS7.6AI score0.01075EPSS

Exploits1References1

OSV•added 2018/01/28 2:29 a.m.•18 views

CVE-2018-6360

8.8CVSS7.8AI score

Exploits0References4