Latest CVE Feed
-
9.8
CRITICALCVE-2017-5430
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabil... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-28940
On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.... Read more
Affected Products : my_cloud_os_5 my_cloud_ex2_ultra my_cloud_ex4100 my_cloud_pr2100 my_cloud_pr4100 my_cloud_mirror_gen_2- Published: Dec. 01, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-28929
Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.... Read more
- Published: Dec. 16, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-1510
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to tri... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +7 more products- Published: Mar. 19, 2014
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2024-27841
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.... Read more
- Published: May. 14, 2024
- Modified: Dec. 09, 2024
-
9.8
CRITICALCVE-2014-1532
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitr... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus +6 more products- Published: Apr. 30, 2014
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2014-1511
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +7 more products- Published: Mar. 19, 2014
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2017-5897
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.... Read more
- Published: Mar. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2020-28926
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.... Read more
- Published: Nov. 30, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-0725
A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.... Read more
Affected Products : windows_10 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server- Published: May. 16, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-1514
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +7 more products- Published: Mar. 19, 2014
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2024-27810
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information.... Read more
- Published: May. 14, 2024
- Modified: Dec. 12, 2024
-
9.8
CRITICALCVE-2017-7784
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and ... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-28871
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.... Read more
- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-1287
In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.... Read more
Affected Products : jmeter- Published: Feb. 14, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-8225
On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI.... Read more
- Published: Apr. 25, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2024-27710
An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.... Read more
Affected Products : eskooly- Published: Jul. 05, 2024
- Modified: Apr. 16, 2025
-
9.8
CRITICALCVE-2020-28870
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php.... Read more
Affected Products : inoerp- Published: Feb. 10, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-28872
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.... Read more
- Published: Apr. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-27709
SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component.... Read more
Affected Products :- Published: Jul. 05, 2024
- Modified: Nov. 21, 2024