Latest CVE Feed
-
9.8
CRITICALCVE-2019-11049
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-free... Read more
- EPSS Score: %1.97
- Published: Dec. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10655
Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, ... Read more
Affected Products : gac2500_firmware gvc3202_firmware gxv3275_firmware gxv3240_firmware gxp2200_firmware gac2500 gvc3202 gxv3275 gxv3240 gxp2200- EPSS Score: %85.16
- Published: Mar. 30, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-1010238
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. ... Read more
- EPSS Score: %2.94
- Published: Jul. 19, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-10053
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an... Read more
Affected Products : suricata- EPSS Score: %0.61
- Published: May. 13, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0006
A certain crafted HTTP packet can trigger an uninitialized function pointer deference vulnerability in the Packet Forwarding Engine manager (fxpc) on all EX, QFX and MX Series devices in a Virtual Chassis configuration. This issue can result in a crash of... Read more
- EPSS Score: %5.92
- Published: Jan. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-8919
Information exposure vulnerability in SYNO.Core.Desktop.SessionData in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to steal credentials via unspecified vectors.... Read more
- EPSS Score: %0.26
- Published: Dec. 24, 2018
- Modified: Jan. 14, 2025
-
9.8
CRITICALCVE-2018-8800
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.... Read more
- EPSS Score: %6.79
- Published: Feb. 05, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-8786
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.... Read more
- EPSS Score: %21.92
- Published: Nov. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7761
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.... Read more
Affected Products : 140cpu65150_firmware 140cpu65160_firmware bmxnor0200h_firmware modicon_m340_bmxp341000_firmware modicon_m340_bmxp342020_firmware modicon_m340_bmxp342000_firmware modicon_m340_bmxp3420102_firmware modicon_m340_bmxp342020h_firmware modicon_m340_bmxp3420302_firmware modicon_m340_bmxp3420302h_firmware +104 more products- EPSS Score: %0.58
- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7753
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allo... Read more
Affected Products : bleach- EPSS Score: %0.54
- Published: Mar. 07, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7750
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is complet... Read more
- EPSS Score: %20.89
- Published: Mar. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, ... Read more
- EPSS Score: %3.79
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5154
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +2 more products- EPSS Score: %3.79
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5150
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +2 more products- EPSS Score: %3.79
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5104
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.... Read more
- EPSS Score: %22.11
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5099
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thun... Read more
- EPSS Score: %2.65
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-4353
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.... Read more
Affected Products : mac_os_x- EPSS Score: %0.50
- Published: Apr. 03, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-3201
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access... Read more
Affected Products : weblogic_server- EPSS Score: %10.33
- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-25011
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().... Read more
- EPSS Score: %0.41
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20180
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function rdpsnddbg_process() and results in memory corruption and probably even a remote code execution.... Read more
- EPSS Score: %15.35
- Published: Mar. 15, 2019
- Modified: Nov. 21, 2024