Skip to main content
CVE-2018-5159 CRITICAL POC THREAT Act Now

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux Desktop +9
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.3%
CVE-2018-6961 HIGH POC KEV THREAT This Week

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE VMware Command Injection Nsx Sd Wan By Velocloud
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
86.4%
CVE-2018-12112 HIGH POC This Week

md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-12109 HIGH POC This Week

An issue was discovered in Free Lossless Image Format (FLIF) 0.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Flif
NVD GitHub
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-5181 HIGH POC This Week

If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Firefox
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-12110 HIGH POC This Week

portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Portfoliocms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-12111 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Efi Printme
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-12099 MEDIUM POC PATCH This Month

Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana XSS Active Iq Performance Analytics Services Storagegrid Webscale Nas Bridge
NVD GitHub
CVSS 3.0
6.1
EPSS
2.1%
CVE-2018-12090 MEDIUM POC This Month

There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lams
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.2%
CVE-2018-6968 CRITICAL Act Now

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft RCE VMware Airwatch Agent
NVD
CVSS 3.0
10.0
EPSS
5.1%
CVE-2018-5183 CRITICAL Act Now

Mozilla developers backported selected changes in the Skia library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-5155 CRITICAL Act Now

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +10
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-5154 CRITICAL Act Now

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +10
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-5151 CRITICAL Act Now

Memory safety bugs were reported in Firefox 59. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-5150 CRITICAL Act Now

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-5148 CRITICAL Act Now

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5147 CRITICAL Act Now

The libtremor library has the same flaw as CVE-2018-5146. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Memory Corruption Buffer Overflow Debian Linux +1
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-5145 CRITICAL Act Now

Memory safety bugs were reported in Firefox ESR 52.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Enterprise Linux Desktop +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5128 CRITICAL Act Now

A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Firefox +1
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5126 CRITICAL Act Now

Memory safety bugs were reported in Firefox 58. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5122 CRITICAL Act Now

A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-5116 CRITICAL Act Now

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-5104 CRITICAL Act Now

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-5103 CRITICAL Act Now

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5102 CRITICAL Act Now

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2018-5099 CRITICAL Act Now

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5098 CRITICAL Act Now

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5097 CRITICAL Act Now

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-5096 CRITICAL Act Now

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5095 CRITICAL Act Now

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux +8
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-5092 CRITICAL Act Now

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Information Disclosure Use After Free Firefox +1
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5091 CRITICAL Act Now

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-5090 CRITICAL Act Now

Memory safety bugs were reported in Firefox 57. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-5089 CRITICAL Act Now

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-6512 CRITICAL Act Now

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Pe Razor Server Puppet Enterprise Razor Server
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-12092 CRITICAL Act Now

tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Tinyexr
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-12108 MEDIUM POC This Month

An issue was discovered in Dropbox Lepton 1.2.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lepton
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-12102 MEDIUM POC This Month

md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Md4C
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-12095 MEDIUM POC This Month

A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Oecms
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
5.6%
CVE-2018-12094 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dimofinf Cms
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.8%
CVE-2018-5165 MEDIUM POC This Month

In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Adobe Information Disclosure Firefox
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2018-5158 HIGH PATCH This Week

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection RCE Debian Linux Enterprise Linux Desktop +7
NVD
CVSS 3.0
8.8
EPSS
10.6%
CVE-2018-5146 HIGH This Week

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +8
NVD
CVSS 3.0
8.8
EPSS
12.1%
CVE-2018-5130 HIGH This Week

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Debian Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-5127 HIGH This Week

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
8.8
EPSS
8.0%
CVE-2018-5125 HIGH This Week

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-6513 HIGH This Week

Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Puppet Puppet Enterprise
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-5129 HIGH This Week

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Debian Linux Firefox +7
NVD
CVSS 3.0
8.6
EPSS
3.0%
CVE-2018-5141 HIGH This Week

A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Ubuntu Linux
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2018-5178 HIGH This Week

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Buffer Overflow Debian Linux Firefox Thunderbird +8
NVD
CVSS 3.0
8.1
EPSS
5.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy