Latest CVE Feed
-
9.8
CRITICAL
CVE-2018-5341
An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts.
Affected Products: manageengine_desktop_central
- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2023-39017
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple...
Affected Products: quartz
- Published: Jul. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5241
Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted p...
- Published: May. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5203
DEXTUploadX5 versions between 1.0.0.0 and 2.2.0.0 contain a vulnerability that could allow a remote attacker to download and execute a remote arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution.
Affected Products: dextuploadx5
- Published: Dec. 28, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5188
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability ...
Affected Products: firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +1 more products
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5186
Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5190
PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php.
Affected Products: picturespro
- Published: Apr. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5195
Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink attributes in a document.
Affected Products: thinkfree_office_neo
- Published: Jan. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2023-38965
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.
Affected Products: lost_and_found_information_system
- Published: Nov. 03, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2023-39169
The affected devices use publicly available default credentials with administrative privileges.
- Published: Dec. 07, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5156
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thun...
Affected Products: firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +1 more products
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5155
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < ...
Affected Products: firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +2 more products
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2023-38944
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying an HTTP header.
- Published: Mar. 06, 2024
- Modified: Jan. 03, 2025
-
9.8
CRITICAL
CVE-2018-5145
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thu...
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5148
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 a...
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2023-38940
Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
- Published: Aug. 07, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2008-0062
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference...
- Published: Mar. 19, 2008
- Modified: Apr. 09, 2025
-
9.8
CRITICAL
CVE-2018-5098
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 5...
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5096
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5092
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024