Skip to main content
CVE-2018-6961 HIGH POC KEV THREAT This Week

VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE VMware Command Injection Nsx Sd Wan By Velocloud
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
86.4%
CVE-2018-12112 HIGH POC This Week

md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Md4C
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-12109 HIGH POC This Week

An issue was discovered in Free Lossless Image Format (FLIF) 0.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Flif
NVD GitHub
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-5181 HIGH POC This Week

If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Firefox
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-12110 HIGH POC This Week

portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Portfoliocms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-5158 HIGH PATCH This Week

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection RCE Debian Linux Enterprise Linux Desktop +7
NVD
CVSS 3.0
8.8
EPSS
10.6%
CVE-2018-5146 HIGH This Week

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +8
NVD
CVSS 3.0
8.8
EPSS
12.1%
CVE-2018-5130 HIGH This Week

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Debian Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-5127 HIGH This Week

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
8.8
EPSS
8.0%
CVE-2018-5125 HIGH This Week

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-6513 HIGH This Week

Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Puppet Puppet Enterprise
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-5129 HIGH This Week

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Debian Linux Firefox +7
NVD
CVSS 3.0
8.6
EPSS
3.0%
CVE-2018-5141 HIGH This Week

A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Ubuntu Linux
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2018-5178 HIGH This Week

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Buffer Overflow Debian Linux Firefox Thunderbird +8
NVD
CVSS 3.0
8.1
EPSS
5.1%
CVE-2018-5163 HIGH This Week

If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Firefox
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-5105 HIGH This Week

WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6515 HIGH This Week

Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft RCE Puppet
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-6514 HIGH This Week

In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Puppet
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-5184 HIGH This Week

Using remote content in encrypted messages can lead to the disclosure of plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux Thunderbird Thunderbird Esr +8
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5182 HIGH This Week

If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Firefox
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-5180 HIGH This Week

A use-after-free vulnerability can occur during WebGL operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Firefox +1
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-5177 HIGH This Week

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Ubuntu Linux Firefox
NVD
CVSS 3.0
7.5
EPSS
3.9%
CVE-2018-5174 HIGH This Week

In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Thunderbird +1
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-5166 HIGH This Week

WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Ubuntu Linux Firefox
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-5162 HIGH This Week

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5160 HIGH This Week

WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Ubuntu Linux +1
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-5157 HIGH This Week

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-5153 HIGH This Week

If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-5137 HIGH This Week

A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-5136 HIGH This Week

A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Ubuntu Linux Firefox
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-5135 HIGH This Week

WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-5134 HIGH This Week

WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-5115 HIGH This Week

If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-5113 HIGH This Week

The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Firefox Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-5112 HIGH This Week

Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Path Traversal Firefox Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5101 HIGH This Week

A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Firefox +1
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5100 HIGH This Week

A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Firefox +1
NVD
CVSS 3.0
7.5
EPSS
5.4%
CVE-2018-5094 HIGH This Week

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
15.4%
CVE-2018-5093 HIGH This Week

A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Firefox Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
20.0%
CVE-2018-12093 HIGH This Week

tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tinyexr
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-12089 HIGH This Week

In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Octopus Server
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-12025 HIGH This Week

The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Futurxe
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-5144 HIGH This Week

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.0
7.3
EPSS
3.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy