Latest CVE Feed
- CVE-2018-5183 (9.8 CRITICAL)
  Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, ...
  - EPSS Score: 3.79%
  - Published: Jun. 11, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-5154 (9.8 CRITICAL)
  A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ...
  - Affected Products: firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +2 more products
  - EPSS Score: 3.79%
  - Published: Jun. 11, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-5150 (9.8 CRITICAL)
  Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...
  - Affected Products: firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +2 more products
  - EPSS Score: 3.79%
  - Published: Jun. 11, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-5104 (9.8 CRITICAL)
  A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58....
  - EPSS Score: 22.11%
  - Published: Jun. 11, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-5099 (9.8 CRITICAL)
  A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thun...
  - EPSS Score: 2.65%
  - Published: Jun. 11, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-4353 (9.8 CRITICAL)
  A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14....
  - Affected Products: mac_os_x
  - EPSS Score: 0.50%
  - Published: Apr. 03, 2019
  - Modified: Nov. 21, 2024
- CVE-2018-3201 (9.8 CRITICAL)
  Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access...
  - Affected Products: weblogic_server
  - EPSS Score: 10.33%
  - Published: Oct. 17, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-25011 (9.8 CRITICAL)
  A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16()....
  - EPSS Score: 0.41%
  - Published: May 21, 2021
  - Modified: Nov. 21, 2024
- CVE-2018-20180 (9.8 CRITICAL)
  rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution....
  - EPSS Score: 15.35%
  - Published: Mar. 15, 2019
  - Modified: Nov. 21, 2024
- CVE-2018-19115 (9.8 CRITICAL)
  keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited a...
  - EPSS Score: 6.96%
  - Published: Nov. 08, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-17245 (9.8 CRITICAL)
  Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that cou...
  - Affected Products: kibana
  - EPSS Score: 0.31%
  - Published: Dec. 20, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-16983 (9.8 CRITICAL)
  NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value....
  - EPSS Score: 0.40%
  - Published: Sep. 13, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-16328 (9.8 CRITICAL)
  In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c....
  - Affected Products: imagemagick
  - EPSS Score: 0.19%
  - Published: Sep. 01, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-12825 (9.8 CRITICAL)
  Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass....
  - EPSS Score: 14.98%
  - Published: Aug. 29, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-1273 (9.8 CRITICAL)
  Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can...
  - Actively Exploited
  - EPSS Score: 94.01%
  - Published: Apr. 11, 2018
  - Modified: Jul. 30, 2025
- CVE-2018-12549 (9.8 CRITICAL)
  In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it....
  - Affected Products: enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation satellite openj9
  - EPSS Score: 0.76%
  - Published: Feb. 11, 2019
  - Modified: Nov. 21, 2024
- CVE-2018-12390 (9.8 CRITICAL)
  Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run ar...
  - Affected Products: firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +1 more products
  - EPSS Score: 4.72%
  - Published: Feb. 28, 2019
  - Modified: Nov. 21, 2024
- CVE-2018-11780 (9.8 CRITICAL)
  A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2....
  - EPSS Score: 9.34%
  - Published: Sep. 17, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-1126 (9.8 CRITICAL)
  procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124....
  - EPSS Score: 0.30%
  - Published: May 23, 2018
  - Modified: Nov. 21, 2024
- CVE-2018-10243 (9.8 CRITICAL)
  htp_parse_authorization_digest in htp_parsers.c in LibHTP 0.5.26 allows remote attackers to cause a heap-based buffer over-read via an authorization digest header....
  - Affected Products: libhtp
  - EPSS Score: 0.82%
  - Published: Apr. 04, 2019
  - Modified: Nov. 21, 2024