Skip to main content
CVE-2018-5159 CRITICAL POC THREAT Act Now

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux Desktop +9
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.3%
CVE-2018-6968 CRITICAL Act Now

The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft RCE VMware Airwatch Agent
NVD
CVSS 3.0
10.0
EPSS
5.1%
CVE-2018-5183 CRITICAL Act Now

Mozilla developers backported selected changes in the Skia library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-5155 CRITICAL Act Now

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +10
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-5154 CRITICAL Act Now

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +10
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-5151 CRITICAL Act Now

Memory safety bugs were reported in Firefox 59. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-5150 CRITICAL Act Now

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-5148 CRITICAL Act Now

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5147 CRITICAL Act Now

The libtremor library has the same flaw as CVE-2018-5146. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Memory Corruption Buffer Overflow Debian Linux +1
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-5145 CRITICAL Act Now

Memory safety bugs were reported in Firefox ESR 52.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Enterprise Linux Desktop +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5128 CRITICAL Act Now

A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Firefox +1
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5126 CRITICAL Act Now

Memory safety bugs were reported in Firefox 58. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5122 CRITICAL Act Now

A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-5116 CRITICAL Act Now

WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-5104 CRITICAL Act Now

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-5103 CRITICAL Act Now

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5102 CRITICAL Act Now

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2018-5099 CRITICAL Act Now

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5098 CRITICAL Act Now

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5097 CRITICAL Act Now

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-5096 CRITICAL Act Now

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5095 CRITICAL Act Now

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux +8
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-5092 CRITICAL Act Now

A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Information Disclosure Use After Free Firefox +1
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-5091 CRITICAL Act Now

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-5090 CRITICAL Act Now

Memory safety bugs were reported in Firefox 57. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-5089 CRITICAL Act Now

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-6512 CRITICAL Act Now

The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Pe Razor Server Puppet Enterprise Razor Server
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-12092 CRITICAL Act Now

tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Tinyexr
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy