Total
23699 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7785 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | |||||
CVE-2017-5413 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
CVE-2018-5183 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. | |||||
CVE-2018-4164 | 1 Apple | 1 Xcode | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component. | |||||
CVE-2017-5805 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found. | |||||
CVE-2018-0488 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | |||||
CVE-2017-5464 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2018-5982 | 1 Ordasoft | 1 Advertisement Board | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. | |||||
CVE-2018-13870 | 1 Hdfgroup | 1 Hdf5 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c. | |||||
CVE-2018-3822 | 1 Elastic | 1 X-pack | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. An attacker might have been able to impersonate a legitimate user if the SAML Identity Provider allows for self registration with arbitrary identifiers and the attacker can register an account which an identifier that shares a suffix with a legitimate account. Both of those conditions must be true in order to exploit this flaw. | |||||
CVE-2018-5779 | 1 Mitel | 2 Connect Onsite, St14.2 | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
CVE-2017-5442 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
CVE-2018-11547 | 1 Md4c Project | 1 Md4c | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | |||||
CVE-2017-17425 | 1 Quest | 1 Netvault Backup | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4237. | |||||
CVE-2018-5973 | 1 Eihitech | 1 Professional Local Directory Script | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. | |||||
CVE-2018-10731 | 1 Phoenixcontact | 58 Fl Switch 3004t-fx, Fl Switch 3004t-fx Firmware, Fl Switch 3004t-fx St and 55 more | 2023-12-10 | 9.3 HIGH | 9.0 CRITICAL |
All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). | |||||
CVE-2014-9991 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9625 and 39 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if a client or host sends more than 16k bytes of USB mass storage transfer, a buffer overflow occurs. | |||||
CVE-2018-10660 | 1 Axis | 780 A1001, A1001 Firmware, A8004-v and 777 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. | |||||
CVE-2016-9075 | 1 Mozilla | 1 Firefox | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50. | |||||
CVE-2015-4664 | 2 Broadcom, Xceedium | 2 Privileged Access Manager, Xsuite | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. |