US-CERT - SB18-169: Vulnerability Summary for the Week of June 11, 2018
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
microsoft -- windows_10 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | 2018-06-14 | 7.2 | CVE-2018-8233 BID SECTRACK CONFIRM |
microsoft -- windows_10 | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-06-14 | 7.6 | CVE-2018-8251 BID SECTRACK CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
389-ds-base -- 389-ds-base | 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. | 2018-06-13 | not yet calculated | CVE-2018-10850 CONFIRM CONFIRM CONFIRM |
acccheck -- acccheck | acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line. | 2018-06-13 | not yet calculated | CVE-2018-12268 MISC |
apache -- geode | When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege. | 2018-06-13 | not yet calculated | CVE-2017-15695 BID MLIST |
apache -- tika | Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files. | 2018-06-14 | not yet calculated | CVE-2018-12418 MISC MISC |
apple -- ios_and_safari | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site. | 2018-06-08 | not yet calculated | CVE-2018-4247 BID SECTRACK CONFIRM CONFIRM MISC |
apple -- macos_and_osx | An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10406 MISC |
apple -- macos_and_osx | An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10405 MISC |
apple -- macos_and_osx | An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10403 MISC |
apple -- macos_and_osx | An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10404 MISC |
apple -- macos_and_osx | An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10407 MISC |
apple -- macos_and_osx | An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | 2018-06-13 | not yet calculated | CVE-2018-10408 MISC |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. | 2018-06-08 | not yet calculated | CVE-2018-4222 SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
apple -- multiple_products | An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free. | 2018-06-08 | not yet calculated | CVE-2018-4218 SECTRACK MISC CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM EXPLOIT-DB |
apple -- safari | An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. | 2018-06-08 | not yet calculated | CVE-2018-4205 BID SECTRACK CONFIRM |
artica -- pandora_fms | Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | 2018-06-15 | not yet calculated | CVE-2018-11222 MISC CONFIRM |
artica -- pandora_fms | XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | 2018-06-15 | not yet calculated | CVE-2018-11223 MISC CONFIRM |
artica -- pandora_fms | Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | 2018-06-15 | not yet calculated | CVE-2018-11221 MISC CONFIRM |
articlecms -- articlecms | ArticleCMS through 2017-02-19 has XSS via an "add an article" action. | 2018-06-13 | not yet calculated | CVE-2018-12339 MISC |
automated_logic_corporation -- webctrl | An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header. | 2018-06-14 | not yet calculated | CVE-2018-8819 MISC FULLDISC MISC |
blackcatcms -- blackcatcms | Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel. | 2018-06-14 | not yet calculated | CVE-2018-10821 CONFIRM CONFIRM |
boringssl -- boringssl | BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12440 MISC |
botan -- botan | Botan 2.5.0 through 2.6.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12435 CONFIRM MISC |
canon -- printme_efi_webinterface | Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI. | 2018-06-11 | not yet calculated | CVE-2018-12111 MISC EXPLOIT-DB |
chevereto_free -- chevereto_free | Chevereto Free before 1.0.13 has XSS. | 2018-06-15 | not yet calculated | CVE-2018-12030 MISC CONFIRM |
digium -- asterisk | An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. | 2018-06-12 | not yet calculated | CVE-2018-12227 CONFIRM BID CONFIRM |
digium -- asterisk | An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. | 2018-06-12 | not yet calculated | CVE-2018-12228 CONFIRM BID CONFIRM |
dimofinf -- cms | Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2018-06-11 | not yet calculated | CVE-2018-12094 MISC EXPLOIT-DB |
discount -- discount | The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | 2018-06-15 | not yet calculated | CVE-2018-12495 MISC |
dropbox -- lepton | An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed file. | 2018-06-11 | not yet calculated | CVE-2018-12108 MISC |
elliptic_curve -- cryptography_library | The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12438 MISC |
enigmail -- enigmail | The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. | 2018-06-13 | not yet calculated | CVE-2018-12019 MISC MISC |
ethereum -- futurxe_token | The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key. | 2018-06-11 | not yet calculated | CVE-2018-12025 MISC |
exadel -- flamingo_amf-serializer | The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery. | 2018-06-11 | not yet calculated | CVE-2017-3206 BID MISC MISC CERT-VN |
exadel -- flamingo_amf-serializer | The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. | 2018-06-11 | not yet calculated | CVE-2017-3201 BID MISC MISC CERT-VN |
exadel -- flamingo_amf-serializer | The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized. | 2018-06-11 | not yet calculated | CVE-2017-3202 BID MISC MISC CERT-VN |
exiv2 -- exiv2 | Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. | 2018-06-13 | not yet calculated | CVE-2018-12265 CONFIRM CONFIRM |
exiv2 -- exiv2 | Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. | 2018-06-13 | not yet calculated | CVE-2018-12264 CONFIRM CONFIRM |
expresscart -- expresscart | expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. | 2018-06-15 | not yet calculated | CVE-2018-12457 MISC MISC MISC |
ffmpeg -- ffmpeg | libavcodec in FFmpeg 4.0 may trigger a NULL pointer dereference if the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4, leading to a denial of service, related to idctdsp.c and mpegvideo.c. | 2018-06-15 | not yet calculated | CVE-2018-12460 CONFIRM |
ffmpeg -- ffmpeg | An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | 2018-06-15 | not yet calculated | CVE-2018-12459 CONFIRM |
ffmpeg -- ffmpeg | An improper integer type in the mpeg4_encode_gop_header function in libavcodec/mpeg4videoenc.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service. | 2018-06-15 | not yet calculated | CVE-2018-12458 CONFIRM |
free_lossless_image_format -- free_lossless_image_format | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PAM image file. | 2018-06-11 | not yet calculated | CVE-2018-12109 MISC |
gnome -- evolution | addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. | 2018-06-15 | not yet calculated | CVE-2018-12422 MISC MISC |
gnu -- freedink_dfarc | Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the user's system. | 2018-06-12 | not yet calculated | CVE-2018-0496 CONFIRM CONFIRM |
gnupg -- gnupg | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. | 2018-06-08 | not yet calculated | CVE-2018-12020 MISC BID SECTRACK MISC MISC UBUNTU UBUNTU DEBIAN DEBIAN DEBIAN |
grafana -- grafana | Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | 2018-06-11 | not yet calculated | CVE-2018-12099 CONFIRM CONFIRM |
graniteds -- graniteds | The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deserializers derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. | 2018-06-11 | not yet calculated | CVE-2017-3199 BID MISC MISC CERT-VN |
graniteds -- graniteds | The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized. | 2018-06-11 | not yet calculated | CVE-2017-3200 BID MISC MISC CERT-VN |
hongcms -- hongcms | system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | 2018-06-13 | not yet calculated | CVE-2018-12266 MISC |
huawei -- hg255s-10 | Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication. | 2018-06-14 | not yet calculated | CVE-2017-17309 CONFIRM |
huawei -- lyo-l21_smart_phones | Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability. An authenticated, local attacker can craft malformed packets after tricking a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause the attacker to obtain a higher privilege of the smart phones. | 2018-06-14 | not yet calculated | CVE-2017-17172 CONFIRM |
huawei -- mate_9_smart_phones | Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can trick a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution. | 2018-06-14 | not yet calculated | CVE-2017-17173 CONFIRM |
ibm -- financial_transaction_manager_for_ach_services_for_multi-platform | IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138378. | 2018-06-13 | not yet calculated | CVE-2018-1393 CONFIRM BID XF |
ibm -- netezza_platform_software | IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211. | 2018-06-15 | not yet calculated | CVE-2018-1460 CONFIRM XF MISC |
ibm -- spectrum_scale | A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node. IBM X-Force ID: 139240. | 2018-06-13 | not yet calculated | CVE-2018-1431 CONFIRM XF |
ibm -- websphere_mq | IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949. | 2018-06-15 | not yet calculated | CVE-2018-1419 CONFIRM XF |
icehrm -- icehrm | IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request. | 2018-06-14 | not yet calculated | CVE-2018-12420 CONFIRM CONFIRM |
icms -- icms | spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | 2018-06-15 | not yet calculated | CVE-2018-12498 MISC |
ignite -- realtime_openfire | Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2018-06-13 | not yet calculated | CVE-2018-11688 MISC FULLDISC BUGTRAQ |
java_melody -- java_melody | JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. | 2018-06-14 | not yet calculated | CVE-2018-12432 MISC |
joomla! -- joomla! | router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI. | 2018-06-12 | not yet calculated | CVE-2018-12254 MISC EXPLOIT-DB |
joomla! -- joomla! | The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2018-06-14 | not yet calculated | CVE-2018-11690 MISC BUGTRAQ |
jtdowney -- private_address_check | private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address. | 2018-06-13 | not yet calculated | CVE-2018-3759 MISC |
knowage -- knowage | Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. | 2018-06-13 | not yet calculated | CVE-2018-12353 MISC |
knowage -- knowage | Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. | 2018-06-13 | not yet calculated | CVE-2018-12354 MISC |
knowage -- knowage | Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. | 2018-06-13 | not yet calculated | CVE-2018-12355 MISC |
lams -- lams | There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. | 2018-06-11 | not yet calculated | CVE-2018-12090 CONFIRM |
libavcodec -- libavcodec | The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. | 2018-06-15 | not yet calculated | CVE-2018-12447 MISC MISC |
libgcrypt -- libgcrypt | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-13 | not yet calculated | CVE-2018-0495 MISC MISC MISC MISC |
libmagic.a -- libmagic.a | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | 2018-06-11 | not yet calculated | CVE-2018-10360 CONFIRM UBUNTU |
libressl -- libressl | LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12434 MISC MISC MISC |
libtomcrypt -- libtomcrypt | LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12437 MISC |
linux -- linux_kernel | In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. | 2018-06-12 | not yet calculated | CVE-2018-5803 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM MLIST SECUNIA MISC UBUNTU UBUNTU UBUNTU DEBIAN DEBIAN MLIST MLIST |
linux -- linux_kernel | In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. | 2018-06-12 | not yet calculated | CVE-2018-12233 BID MISC MISC |
linux -- linux_kernel | In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash. | 2018-06-12 | not yet calculated | CVE-2018-12232 MISC BID MISC MISC MISC |
linux -- linux_kernel | In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets. | 2018-06-12 | not yet calculated | CVE-2018-5814 SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM SECUNIA MISC |
little_snitch -- little_snitch | Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid. | 2018-06-12 | not yet calculated | CVE-2018-10470 CONFIRM MISC |
ltb -- ltb_self_service_password |
LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string. | 2018-06-14 | not yet calculated | CVE-2018-12421 MISC MISC MISC |
maccms -- maccms |
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | 2018-06-14 | not yet calculated | CVE-2018-12114 MISC MISC EXPLOIT-DB |
matrix-org -- synapse |
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly. | 2018-06-13 | not yet calculated | CVE-2018-12291 CONFIRM CONFIRM |
matrix-org -- synapse |
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | 2018-06-14 | not yet calculated | CVE-2018-12423 MISC MISC MISC |
matrixssl -- matrixssl |
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12439 MISC |
mcafee -- epolicy_orchestrator |
Information disclosure vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows authenticated users to view sensitive information in plain text format via unspecified vectors. | 2018-06-15 | not yet calculated | CVE-2018-6672 CONFIRM |
mcafee -- epolicy_orchestrator |
OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges because user input data is not sanitized before being exported to CSV-format output. | 2018-06-13 | not yet calculated | CVE-2017-3936 BID CONFIRM |
mcafee -- epolicy_orchestrator |
Application Protection Bypass vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.0 through 5.3.3 and 5.9.0 through 5.9.1 allows remote authenticated users to bypass localhost only access security protection for some ePO features via a specially crafted HTTP request. | 2018-06-15 | not yet calculated | CVE-2018-6671 CONFIRM |
mcafee -- network_security_management |
Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | 2018-06-12 | not yet calculated | CVE-2017-3962 CONFIRM |
mcafee -- network_security_management |
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter. | 2018-06-12 | not yet calculated | CVE-2017-3960 CONFIRM |
mcafee -- network_security_management |
Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. | 2018-06-13 | not yet calculated | CVE-2017-3968 CONFIRM CONFIRM |
mcafee -- threat_intelligence_exchange |
Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via an unspecified vector. | 2018-06-13 | not yet calculated | CVE-2017-3907 CONFIRM |
md4c -- md4c |
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. | 2018-06-11 | not yet calculated | CVE-2018-12112 MISC |
md4c -- md4c |
md4c 0.2.6 has a NULL pointer dereference in the function md_process_line in md4c.c, related to ctx->current_block. | 2018-06-11 | not yet calculated | CVE-2018-12102 MISC MISC |
microsoft -- chakracore |
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267. | 2018-06-14 | not yet calculated | CVE-2018-8243 BID CONFIRM |
microsoft -- edge | An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871. | 2018-06-14 | not yet calculated | CVE-2018-8234 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227. | 2018-06-14 | not yet calculated | CVE-2018-8229 BID SECTRACK CONFIRM |
microsoft -- edge_and_chakracore |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229. | 2018-06-14 | not yet calculated | CVE-2018-8227 BID SECTRACK CONFIRM |
microsoft -- edge |
An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234. | 2018-06-14 | not yet calculated | CVE-2018-0871 BID SECTRACK CONFIRM |
microsoft -- edge |
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236. | 2018-06-14 | not yet calculated | CVE-2018-8110 BID SECTRACK CONFIRM |
microsoft -- edge |
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236. | 2018-06-14 | not yet calculated | CVE-2018-8111 BID SECTRACK CONFIRM |
microsoft -- edge |
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8111. | 2018-06-14 | not yet calculated | CVE-2018-8236 BID SECTRACK CONFIRM |
microsoft -- edge |
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | 2018-06-14 | not yet calculated | CVE-2018-8235 BID SECTRACK CONFIRM |
microsoft -- internet_explorer | A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | 2018-06-14 | not yet calculated | CVE-2018-8113 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249. | 2018-06-14 | not yet calculated | CVE-2018-0978 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243. | 2018-06-14 | not yet calculated | CVE-2018-8267 BID SECTRACK CONFIRM |
microsoft -- internet_explorer |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978. | 2018-06-14 | not yet calculated | CVE-2018-8249 BID SECTRACK CONFIRM |
microsoft -- multiple_products | An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | 2018-06-14 | not yet calculated | CVE-2018-8246 BID SECTRACK CONFIRM |
microsoft -- office_and_office_online_server |
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245. | 2018-06-14 | not yet calculated | CVE-2018-8247 BID SECTRACK CONFIRM |
microsoft -- office_and_outlook |
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook. | 2018-06-14 | not yet calculated | CVE-2018-8244 BID SECTRACK CONFIRM |
microsoft -- office |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office. | 2018-06-14 | not yet calculated | CVE-2018-8248 BID SECTRACK CONFIRM |
microsoft -- publisher |
An elevation of privilege vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Publisher. This CVE ID is unique from CVE-2018-8247. | 2018-06-14 | not yet calculated | CVE-2018-8245 BID SECTRACK CONFIRM |
microsoft -- sharepoint |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254. | 2018-06-14 | not yet calculated | CVE-2018-8252 BID SECTRACK CONFIRM |
microsoft -- sharepoint |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252. | 2018-06-14 | not yet calculated | CVE-2018-8254 BID SECTRACK CONFIRM |
microsoft -- windows | A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8231 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-0982 BID SECTRACK CONFIRM EXPLOIT-DB |
microsoft -- windows |
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214. | 2018-06-14 | not yet calculated | CVE-2018-8208 BID SECTRACK CONFIRM |
microsoft -- windows |
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8210. | 2018-06-14 | not yet calculated | CVE-2018-8213 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | 2018-06-14 | not yet calculated | CVE-2018-8224 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8217, CVE-2018-8221. | 2018-06-14 | not yet calculated | CVE-2018-8216 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8219 BID SECTRACK CONFIRM |
microsoft -- windows |
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8239 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | 2018-06-14 | not yet calculated | CVE-2018-8201 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | 2018-06-14 | not yet calculated | CVE-2018-8212 BID SECTRACK CONFIRM |
microsoft -- windows |
An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8209 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8169 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | 2018-06-14 | not yet calculated | CVE-2018-8211 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | 2018-06-14 | not yet calculated | CVE-2018-8215 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-1036 BID SECTRACK CONFIRM |
microsoft -- windows |
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8226 BID SECTRACK CONFIRM |
microsoft -- windows |
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121. | 2018-06-14 | not yet calculated | CVE-2018-8207 BID SECTRACK CONFIRM |
microsoft -- windows |
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-1040 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8221. | 2018-06-14 | not yet calculated | CVE-2018-8217 BID SECTRACK CONFIRM |
microsoft -- windows |
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8225 BID SECTRACK CONFIRM |
microsoft -- windows |
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8218 BID SECTRACK CONFIRM |
microsoft -- windows |
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217. | 2018-06-14 | not yet calculated | CVE-2018-8221 BID SECTRACK CONFIRM |
microsoft -- windows |
A denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerability." This affects Windows 10 Servers, Windows 10. | 2018-06-14 | not yet calculated | CVE-2018-8175 BID SECTRACK CONFIRM |
microsoft -- windows |
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213. | 2018-06-14 | not yet calculated | CVE-2018-8210 BID SECTRACK CONFIRM |
microsoft -- windows |
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. | 2018-06-14 | not yet calculated | CVE-2018-8140 BID SECTRACK CONFIRM |
microsoft -- windows |
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208. | 2018-06-14 | not yet calculated | CVE-2018-8214 BID SECTRACK CONFIRM |
microsoft -- windows |
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207. | 2018-06-14 | not yet calculated | CVE-2018-8121 BID SECTRACK CONFIRM |
microsoft -- windows |
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | 2018-06-14 | not yet calculated | CVE-2018-8205 BID SECTRACK CONFIRM |
midnight_coders -- weborb_for_java |
The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. | 2018-06-11 | not yet calculated | CVE-2017-3207 BID MISC MISC CERT-VN |
midnight_coders -- weborb_for_java |
The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly, it could potentially lead to exposure of sensitive data on the server, denial of service, or server-side request forgery. | 2018-06-11 | not yet calculated | CVE-2017-3208 BID MISC MISC CERT-VN |
momentum -- axel |
An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download. | 2018-06-12 | not yet calculated | CVE-2018-12257 MISC |
momentum -- axel |
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Root access can be obtained via UART pins without any restrictions, which leads to full system compromise. | 2018-06-12 | not yet calculated | CVE-2018-12259 MISC |
momentum -- axel |
An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to log in at the console. | 2018-06-13 | not yet calculated | CVE-2018-12323 MISC |
momentum -- axel |
An issue was discovered on Momentum Axel 720P 5.1.8 devices. The root password can be obtained in cleartext by issuing the command 'showKey' from the root CLI. This password may be the same on all devices. | 2018-06-12 | not yet calculated | CVE-2018-12260 MISC |
momentum -- axel |
An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting. | 2018-06-12 | not yet calculated | CVE-2018-12258 MISC |
momentum -- axel |
An issue was discovered on Momentum Axel 720P 5.1.8 devices. All processes run as root. | 2018-06-12 | not yet calculated | CVE-2018-12261 MISC |
mozilla -- firefox | The screenshot images shown in the Activity Stream page displayed when a new tab is opened are created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local file system. This loading is blocked by the sandbox but could expose local data if combined with another attack that escapes sandbox protections. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5118 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect WebExtensions. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5137 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7780 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-7759 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7796 SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5165 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9077 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5463 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through JavaScript that will have an arbitrary domain as the dialog's location, spoofing the origin of the modal dialog from the user's view. Note: This attack only affects installations with e10s multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7815 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | Proxy Auto-Config (PAC) files can specify a JavaScript function called for all URL requests with the full URL path which exposes more information than would be sent to the proxy itself in the case of HTTPS. Normally the Proxy Auto-Config file is specified by the user or machine owner and presumed to be non-malicious, but if a user has enabled Web Proxy Auto Detect (WPAD) this file can be served remotely. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5384 BID SECTRACK CONFIRM MISC CONFIRM |
mozilla -- firefox | A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7817 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the Linux operating system. Other operating systems are not affected. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7794 SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5392 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox < 49.0.2. | 2018-06-11 | not yet calculated | CVE-2016-5287 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1. | 2018-06-11 | not yet calculated | CVE-2016-9903 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9073 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5395 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5113 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | The cache directory on the local file system is set to be world writable. Firefox defaults to extracting libraries from this cache. This allows for the possibility of an installed malicious application or tools with write access to the file system to replace files used by Firefox with their own versions. This vulnerability affects Firefox < 51.0.3. | 2018-06-11 | not yet calculated | CVE-2017-5397 BID CONFIRM CONFIRM |
mozilla -- firefox | WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5160 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | Malicious sites can display a spoofed addressbar on a page when the existing location bar on the new page is scrolled out of view if an HTML editable page element is user selected. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5452 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: the dialog to open the file will show the full, correct filename and whether it is executable or not. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5173 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5177 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9062 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5180 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7808 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: This attack requires an attacker have local system access and only affects OS X and Linux. Windows systems are not affected. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7836 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5135 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | If cursor visibility is toggled by script from 'none' to an image and back, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5110 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5176 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-5471 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5094 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5391 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier releases are not affected. This vulnerability affects Firefox < 57.0.1. | 2018-06-11 | not yet calculated | CVE-2017-7844 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | When a new tab is loaded through JavaScript events and fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to display a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-7770 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7789 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7788 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5114 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1. | 2018-06-11 | not yet calculated | CVE-2016-9078 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5181 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7833 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7811 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox | WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5105 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox | If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5153 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox_and_firefox_esr | The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. | 2018-06-11 | not yet calculated | CVE-2016-9902 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. | 2018-06-11 | not yet calculated | CVE-2018-5148 BID SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM |
mozilla -- firefox_and_firefox_esr | HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1. | 2018-06-11 | not yet calculated | CVE-2016-9901 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr | WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5386 REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr | A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5456 BID SECTRACK REDHAT CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr | The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7798 BID SECTRACK REDHAT CONFIRM DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr | A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5091 BID SECTRACK REDHAT CONFIRM MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1. | 2018-06-11 | not yet calculated | CVE-2017-7843 BID BID SECTRACK REDHAT CONFIRM MLIST DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1. | 2018-06-11 | not yet calculated | CVE-2018-5147 BID SECTRACK CONFIRM MLIST MLIST DEBIAN DEBIAN CONFIRM |
mozilla -- firefox_and_firefox_esr |
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-7766 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-7767 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5131 BID SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5293 BID SECTRACK CONFIRM GENTOO CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5157 BID SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9064 REDHAT BID SECTRACK CONFIRM GENTOO CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintenance Service executes with privileged access, bypassing system protections against unprivileged users. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-7768 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5455 BID SECTRACK REDHAT CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1. | 2018-06-11 | not yet calculated | CVE-2017-5428 REDHAT BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through the Mozilla Maintenance Service, allowing the manipulation of files in the installation directory and privilege escalation by manipulating the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-7760 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-7761 BID SECTRACK CONFIRM MISC CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5448 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52. | 2018-06-11 | not yet calculated | CVE-2017-5409 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5158 BID SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_firefox_esr |
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5130 BID SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird | A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5412 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird | The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5414 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird | If a malicious site uses the "view-source:" protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making "view-source:" linkable. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5422 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5421 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DoS) attack. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5419 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
On Linux, if the secure computing mode BPF (seccomp-bpf) filter is running when the Gecko Media Plugin sandbox is started, the sandbox fails to be applied and items that would run within the sandbox are run protected only by the running filter which is typically weak compared to the sandbox. Note: this issue only affects Linux. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5426 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
A segmentation fault can occur during some bidirectional layout operations. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5413 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5406 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5418 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
Memory safety bugs were reported in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5399 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. | 2018-06-11 | not yet calculated | CVE-2018-5096 BID REDHAT REDHAT CONFIRM MLIST MLIST DEBIAN DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5411 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. | 2018-06-11 | not yet calculated | CVE-2018-5145 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9905 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5416 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5403 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox_and_thunderbird |
The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS X, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | 2018-06-11 | not yet calculated | CVE-2017-5425 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox |
Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1. | 2018-06-11 | not yet calculated | CVE-2016-9080 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5107 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5138 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5151 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9075 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5126 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1. | 2018-06-11 | not yet calculated | CVE-2016-9894 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5374 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5100 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9067 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox |
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7832 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5458 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
JavaScript in the "about:webrtc" page is not sanitized properly before being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7799 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9063 BID SECTRACK SECTRACK CONFIRM DEBIAN CONFIRM |
mozilla -- firefox |
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7831 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5164 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5109 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5289 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A STUN server in conjunction with a large number of "webkitRTCPeerConnection" objects can be used to send large STUN packets in a short period of time due to a lack of rate limiting being applied on e10s systems, allowing for a denial of service attack. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5388 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7827 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5298 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7797 SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A previously installed malicious Android application with the same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5299 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7820 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5093 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5134 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. This vulnerability affects Firefox < 52. | 2018-06-11 | not yet calculated | CVE-2017-5420 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5106 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
WebExtensions can use request redirection and a "filterResponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5166 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5379 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. | 2018-06-11 | not yet calculated | CVE-2016-9896 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5132 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5389 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5172 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A location bar spoofing attack where the location bar of a loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5394 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5115 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5292 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5136 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7835 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5143 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7790 SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files. This vulnerability affects Firefox < 52. | 2018-06-11 | not yet calculated | CVE-2017-5427 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious page. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5140 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5450 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DoS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5141 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5182 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "<track>" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5387 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5108 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5453 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5142 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks. This vulnerability affects Firefox < 52. | 2018-06-11 | not yet calculated | CVE-2017-5417 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by "blob:" as the protocol, leading to user confusion and further spoofing attacks. This vulnerability affects Firefox < 52. | 2018-06-11 | not yet calculated | CVE-2017-5415 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the parent process then runs this replaced code, the executed script would be run with the parent process' privileges, escaping the sandbox on content processes. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5163 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
Content Security Policy combined with HTTP to HTTPS redirection can be used by a malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9071 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5119 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7781 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
If a long user name is used in a username/password combination in a site URL (such as "http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7783 BID SECTRACK CONFIRM EXPLOIT-DB CONFIRM |
mozilla -- firefox |
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2. | 2018-06-11 | not yet calculated | CVE-2016-5288 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username and an encrypted password during login to Firefox Accounts. This issue does not expose synchronization traffic directly and is limited to the process of user login to the website and the data displayed to the user once logged in. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5152 BID SECTRACK CONFIRM CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7822 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9065 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The "export" function in the Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes, allowing certificate content to be saved in unsafe locations with an arbitrary filename. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5381 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those document types. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7821 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5169 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54. | 2018-06-11 | not yet calculated | CVE-2017-7762 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7842 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5175 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypassing same-origin user expectations with this permission. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5116 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This stored preference is also executed whenever an EME video player plugin displays a CDM-disabled message as a notification message. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5133 BID SECTRACK CONFIRM CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7806 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5377 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5468 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5128 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5382 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7812 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7834 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7837 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60. | 2018-06-11 | not yet calculated | CVE-2018-5167 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5295 BID SECTRACK CONFIRM CONFIRM CONFIRM |
mozilla -- firefox |
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matches JavaScript identifier syntax. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7813 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7838 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7840 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5393 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5112 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9070 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5092 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5121 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Data sent in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5385 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9076 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56. | 2018-06-11 | not yet calculated | CVE-2017-7816 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9072 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5122 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9068 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5101 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identity of another site. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5111 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5090 BID SECTRACK CONFIRM UBUNTU CONFIRM |
mozilla -- firefox |
A previously installed malicious Android application which defines specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9061 BID SECTRACK CONFIRM CONFIRM |
mozilla -- firefox |
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar. This vulnerability affects Firefox < 57. | 2018-06-11 | not yet calculated | CVE-2017-7839 BID SECTRACK CONFIRM CONFIRM |
mozilla -- multiple_products | A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5460 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products | Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5429 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products | A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7786 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products | The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7755 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products | A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7807 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products | Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7825 BID SECTRACK CONFIRM CONFIRM MLIST GENTOO CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7805 BID SECTRACK REDHAT CONFIRM MLIST GENTOO DEBIAN DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5155 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Characters from the "Canadian Syllabics" Unicode block can be mixed with characters from other Unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from "Aspirational Use Scripts" such as Canadian Syllabics to be mixed with Latin characters in the "moderately restrictive" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as "Limited Use Scripts". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7764 BID SECTRACK MISC REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5400 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5390 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7752 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5380 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7778 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM GENTOO DEBIAN DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5294 BID SECTRACK CONFIRM GENTOO CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5451 BID SECTRACK REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5408 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5443 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7800 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5291 REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5183 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM |
mozilla -- multiple_products |
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7803 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7784 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-5470 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5378 REDHAT REDHAT BID SECTRACK CONFIRM CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5296 REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5178 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5089 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7792 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5103 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9897 REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5125 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7804 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | 2018-06-11 | not yet calculated | CVE-2017-7826 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST DEBIAN DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5405 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7754 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7810 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5440 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5376 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7756 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read-only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5454 BID SECTRACK REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5396 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7757 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5290 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5464 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7802 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7758 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5127 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7793 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5159 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU UBUNTU DEBIAN DEBIAN EXPLOIT-DB CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7801 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7819 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7823 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5373 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5439 BID BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5438 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9898 REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7750 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5469 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5435 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5434 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7749 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9066 REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9904 REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5098 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5102 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7763 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. | 2018-06-11 | not yet calculated | CVE-2018-5146 BID SECTRACK REDHAT REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST MLIST UBUNTU UBUNTU UBUNTU DEBIAN DEBIAN DEBIAN CONFIRM CONFIRM |
mozilla -- multiple_products |
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7791 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9893 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird < 52.5.2, Firefox ESR < 52.5.2, and Firefox < 57.0.2. | 2018-06-11 | not yet calculated | CVE-2017-7845 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7787 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7751 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7809 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-7765 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5410 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free can occur when events are fired for a "FontFace" object after the object has already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5402 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5097 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5447 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN EXPLOIT-DB CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out-of-bounds read when an HTTP/2 connection to a server sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5446 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7785 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5150 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5441 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | 2018-06-11 | not yet calculated | CVE-2017-5472 BID SECTRACK REDHAT REDHAT CONFIRM DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5383 REDHAT REDHAT BID SECTRACK CONFIRM CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5436 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will be allowed to be opened because Windows won't prompt the user to ask what to do. Firefox incorrectly sets this flag when downloading files, leading to less secure behavior from SmartScreen. Note: this issue only affects Windows 10 users running the April 2018 update or later. It does not affect other Windows users or other operating systems. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5174 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | 2018-06-11 | not yet calculated | CVE-2017-5375 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN EXPLOIT-DB EXPLOIT-DB EXPLOIT-DB CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. | 2018-06-11 | not yet calculated | CVE-2018-5144 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | 2018-06-11 | not yet calculated | CVE-2016-9079 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN EXPLOIT-DB EXPLOIT-DB CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5099 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5445 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5095 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | 2018-06-11 | not yet calculated | CVE-2017-7830 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST DEBIAN DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5398 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5432 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5407 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5154 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5. | 2018-06-11 | not yet calculated | CVE-2017-7828 BID SECTRACK REDHAT REDHAT CONFIRM CONFIRM MLIST MLIST DEBIAN DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5466 BID SECTRACK REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5430 BID SECTRACK REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7779 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5449 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7824 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5444 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5168 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9899 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN EXPLOIT-DB CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then be displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5465 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN EXPLOIT-DB CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7782 BID SECTRACK CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. | 2018-06-11 | not yet calculated | CVE-2017-7753 BID SECTRACK REDHAT REDHAT CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9895 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5467 BID SECTRACK REDHAT REDHAT CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-9074 BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5442 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7818 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5404 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN EXPLOIT-DB CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A crash triggerable by web content in which an "ErrorResult" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | 2018-06-11 | not yet calculated | CVE-2017-5401 REDHAT REDHAT REDHAT BID SECTRACK CONFIRM GENTOO GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5117 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | 2018-06-11 | not yet calculated | CVE-2017-7814 BID SECTRACK REDHAT REDHAT CONFIRM MLIST GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5433 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58. | 2018-06-11 | not yet calculated | CVE-2018-5104 BID SECTRACK REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5459 BID SECTRACK REDHAT REDHAT REDHAT CONFIRM DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | 2018-06-11 | not yet calculated | CVE-2016-9900 REDHAT REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | 2018-06-11 | not yet calculated | CVE-2016-5297 REDHAT BID SECTRACK CONFIRM GENTOO DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- multiple_products |
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | 2018-06-11 | not yet calculated | CVE-2017-5462 BID SECTRACK CONFIRM GENTOO DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM CONFIRM |
mozilla -- thunderbird_and_firefox |
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. | 2018-06-11 | not yet calculated | CVE-2018-5129 BID SECTRACK REDHAT REDHAT REDHAT REDHAT CONFIRM MLIST MLIST UBUNTU UBUNTU DEBIAN DEBIAN CONFIRM CONFIRM CONFIRM |
mozilla -- thunderbird |
It is possible to execute JavaScript in the parsed RSS feed when the RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird < 52.5.2. | 2018-06-11 | not yet calculated | CVE-2017-7846 BID SECTRACK REDHAT CONFIRM MLIST DEBIAN CONFIRM |
mozilla -- thunderbird |
Plaintext of decrypted emails can leak through a user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5185 BID SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM |
mozilla -- thunderbird |
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain the user name. This vulnerability affects Thunderbird < 52.5.2. | 2018-06-11 | not yet calculated | CVE-2017-7847 BID SECTRACK REDHAT CONFIRM MLIST DEBIAN CONFIRM |
mozilla -- thunderbird |
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5162 BID SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM |
mozilla -- thunderbird |
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5161 SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM |
mozilla -- thunderbird |
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5170 SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM |
mozilla -- thunderbird |
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2. | 2018-06-11 | not yet calculated | CVE-2017-7829 BID SECTRACK REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM |
mozilla -- thunderbird |
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. | 2018-06-11 | not yet calculated | CVE-2018-5184 BID SECTRACK REDHAT REDHAT CONFIRM MLIST UBUNTU DEBIAN CONFIRM |
mozilla -- thunderbird |
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2. | 2018-06-11 | not yet calculated | CVE-2017-7848 BID SECTRACK REDHAT CONFIRM MLIST DEBIAN CONFIRM |
mruby -- mruby |
An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber. | 2018-06-12 | not yet calculated | CVE-2018-12248 MISC MISC |
mruby -- mruby |
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag). | 2018-06-12 | not yet calculated | CVE-2018-12247 MISC MISC |
mruby -- mruby |
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c. | 2018-06-12 | not yet calculated | CVE-2018-12249 MISC MISC |
nagios -- fusion |
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | 2018-06-16 | not yet calculated | CVE-2018-12501 CONFIRM |
naver -- whale |
The path of the Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if other vulnerable applications make it possible to create an executable file with System privilege. | 2018-06-15 | not yet calculated | CVE-2018-9859 CONFIRM |
netapp -- santricity_web_services_proxy_and_santricity_storage_manager |
NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution. | 2018-06-13 | not yet calculated | CVE-2018-5488 BID CONFIRM |
nodejs -- node.js |
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation. | 2018-06-13 | not yet calculated | CVE-2018-7161 CONFIRM |
nodejs -- node.js |
Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable. | 2018-06-13 | not yet calculated | CVE-2018-7167 CONFIRM |
nodejs -- node.js |
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation. | 2018-06-13 | not yet calculated | CVE-2018-7162 BID CONFIRM |
nodejs -- node.js |
Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this to cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was resolved by reverting to the prior behaviour. | 2018-06-13 | not yet calculated | CVE-2018-7164 BID CONFIRM |
norton -- app_lock |
Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. | 2018-06-13 | not yet calculated | CVE-2018-5242 BID CONFIRM |
octopus -- deploy |
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0. | 2018-06-11 | not yet calculated | CVE-2018-12089 CONFIRM |
oecms -- oecms |
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php. | 2018-06-11 | not yet calculated | CVE-2018-12095 MISC EXPLOIT-DB |
opc_foundation -- local_discovery_server |
OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired. | 2018-06-13 | not yet calculated | CVE-2017-17443 CONFIRM |
opc_foundation -- local_discovery_server |
The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges. | 2018-06-13 | not yet calculated | CVE-2017-11672 CONFIRM |
opc_foundation -- opc_ua_.net_sample_applications |
An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack. | 2018-06-13 | not yet calculated | CVE-2018-7559 CONFIRM CONFIRM CONFIRM |
opc_foundation -- opc_ua_.net_sample_applications |
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. | 2018-06-14 | not yet calculated | CVE-2017-12070 CONFIRM |
open-xchange -- ox_app_suite |
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs. | 2018-06-15 | not yet calculated | CVE-2018-5751 MISC FULLDISC EXPLOIT-DB |
open-xchange -- ox_app_suite |
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | 2018-06-15 | not yet calculated | CVE-2018-5752 MISC FULLDISC EXPLOIT-DB |
open-xchange -- ox_app_suite |
The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management. | 2018-06-15 | not yet calculated | CVE-2017-17062 MISC FULLDISC EXPLOIT-DB |
open-xchange -- ox_app_suite |
The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address. | 2018-06-15 | not yet calculated | CVE-2018-5753 MISC FULLDISC EXPLOIT-DB |
open-xchange -- ox_app_suite |
Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet. | 2018-06-15 | not yet calculated | CVE-2018-5755 MISC FULLDISC EXPLOIT-DB |
open-xchange -- ox_app_suite |
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard. | 2018-06-15 | not yet calculated | CVE-2018-5754 MISC FULLDISC EXPLOIT-DB |
open-xchange -- ox_app_suite |
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks. | 2018-06-15 | not yet calculated | CVE-2018-5756 MISC FULLDISC EXPLOIT-DB |
openshift -- openshift_enterprise |
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. A malicious user can use this vulnerability to cause a Denial of Service attack for other users of the router shard. | 2018-06-12 | not yet calculated | CVE-2018-1070 CONFIRM |
openshift -- openshift_enterprise |
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. | 2018-06-12 | not yet calculated | CVE-2018-1103 CONFIRM |
openshift-ansible -- openshift-ansible |
openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotations around the values of ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH in etcd.conf result in etcd being configured to allow remote users to connect without any authentication if they can access the etcd server bound to the network on the master nodes. An attacker could use this flaw to read and modify all the data about the Openshift cluster in the etcd datastore, potentially adding another compute node, or bringing down the entire cluster. | 2018-06-15 | not yet calculated | CVE-2018-1085 CONFIRM |
openssl -- openssl |
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). | 2018-06-12 | not yet calculated | CVE-2018-0732 BID SECTRACK CONFIRM CONFIRM CONFIRM |
ovirt-engine -- ovirt-engine |
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect to a remote database, the password input was logged in cleartext during the verification step. Sharing the provisioning log might inadvertently leak database passwords. | 2018-06-12 | not yet calculated | CVE-2018-1075 CONFIRM CONFIRM |
pale_moon -- pale_moon |
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3. | 2018-06-13 | not yet calculated | CVE-2018-12292 CONFIRM |
phpok -- phpok |
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | 2018-06-15 | not yet calculated | CVE-2018-12492 MISC |
phpok -- phpok |
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. | 2018-06-15 | not yet calculated | CVE-2018-12491 MISC |
phpscriptsmall.com -- schools_alert_management_script |
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. | 2018-06-08 | not yet calculated | CVE-2018-12053 MISC EXPLOIT-DB |
phpscriptsmall.com -- schools_alert_management_script |
Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on. | 2018-06-08 | not yet calculated | CVE-2018-12055 MISC EXPLOIT-DB |
phpscriptsmall.com -- schools_alert_management_script |
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php. | 2018-06-08 | not yet calculated | CVE-2018-12052 MISC EXPLOIT-DB |
phpscriptsmall.com -- schools_alert_management_script |
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. | 2018-06-08 | not yet calculated | CVE-2018-12054 MISC EXPLOIT-DB |
pivotal_spring -- spring-flex |
The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. | 2018-06-11 | not yet calculated | CVE-2017-3203 MISC MISC CERT-VN BID |
point-to-point_protocol_daemon -- point-to-point_protocol_daemon | Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. | 2018-06-14 | not yet calculated | CVE-2018-11574 MLIST |
portfoliocms -- portfoliocms |
portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. | 2018-06-13 | not yet calculated | CVE-2018-12263 MISC |
portfoliocms -- portfoliocms |
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. | 2018-06-11 | not yet calculated | CVE-2018-12110 MISC |
procps -- procps |
procps-ng, procps is vulnerable to process hiding through a race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also. | 2018-06-13 | not yet calculated | CVE-2018-1121 MLIST BID CONFIRM EXPLOIT-DB MISC |
public_knowledge_project -- open_journal_system |
Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.X (before OJS 3.1.1-2) allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl $authors parameter (aka the By Author field). | 2018-06-12 | not yet calculated | CVE-2018-12229 MISC MISC |
publiccms -- publiccms |
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | 2018-06-15 | not yet calculated | CVE-2018-12493 MISC |
publiccms -- publiccms |
An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | 2018-06-15 | not yet calculated | CVE-2018-12494 MISC |
puppet -- puppet_agent |
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. | 2018-06-11 | not yet calculated | CVE-2018-6514 CONFIRM |
puppet -- puppet_agent |
In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, on Windows only, an attacker with a specially crafted configuration file could get pxp-agent to load arbitrary code with privilege escalation. | 2018-06-11 | not yet calculated | CVE-2018-6515 CONFIRM |
puppet -- puppet_enterprise_and_agent |
Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise 2017.3.x prior to 2017.3.7, Puppet Enterprise 2018.1.x prior to 2018.1.1, Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, were vulnerable to an attack where an unprivileged user on Windows agents could write custom facts that can escalate privileges on the next puppet run. This was possible through the loading of shared libraries from untrusted paths. | 2018-06-11 | not yet calculated | CVE-2018-6513 CONFIRM |
puppet -- puppet_enterprise_client_tools |
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. | 2018-06-14 | not yet calculated | CVE-2018-6516 CONFIRM |
puppet -- puppet_enterprise |
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0. | 2018-06-11 | not yet calculated | CVE-2018-6512 CONFIRM |
pvpgn -- stats |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. | 2018-06-12 | not yet calculated | CVE-2017-18291 MISC |
pvpgn -- stats |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter. | 2018-06-12 | not yet calculated | CVE-2017-18290 MISC |
pvpgn -- stats |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET type parameter. | 2018-06-12 | not yet calculated | CVE-2017-18289 MISC |
pvpgn -- stats |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter. | 2018-06-12 | not yet calculated | CVE-2017-18288 MISC |
pvpgn -- stats |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter. | 2018-06-12 | not yet calculated | CVE-2017-18287 MISC |
qemu -- qemu |
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | 2018-06-13 | not yet calculated | CVE-2018-11806 MLIST BID CONFIRM MLIST MISC |
qualcomm -- android | If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-06-15 | not yet calculated | CVE-2018-5863 MISC |
qualcomm -- android | The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such as those on the SD card by a malicious administrator. | 2018-06-11 | not yet calculated | CVE-2018-6968 BID SECTRACK CONFIRM |
qualcomm -- android | The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-15854 MISC |
qualcomm -- android | Improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-3576 MISC |
qualcomm -- android | A stack-based buffer overflow can occur in fastboot from all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-06-15 | not yet calculated | CVE-2018-5854 MISC |
qualcomm -- android | While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-3572 MISC |
qualcomm -- android | An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5842 MISC |
qualcomm -- android | Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-3582 MISC |
qualcomm -- android | In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5844 MISC |
qualcomm -- android |
In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-15857 MISC |
qualcomm -- android |
In the WCD CPE codec, a Use After Free condition can occur in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-06-15 | not yet calculated | CVE-2018-5857 MISC |
qualcomm -- android |
Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5847 MISC |
qualcomm -- android |
Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-15842 MISC |
qualcomm -- android |
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid. | 2018-06-12 | not yet calculated | CVE-2018-3581 MISC |
qualcomm -- android |
In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed size chain_rssi_result structure. | 2018-06-12 | not yet calculated | CVE-2018-5843 MISC |
qualcomm -- android |
User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 2018-06-15 | not yet calculated | CVE-2017-18169 MISC |
qualcomm -- android |
In the MDSS driver in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly. | 2018-06-15 | not yet calculated | CVE-2018-5860 MISC |
qualcomm -- android |
In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations. | 2018-06-12 | not yet calculated | CVE-2018-3571 MISC |
qualcomm -- android |
Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur. | 2018-06-12 | not yet calculated | CVE-2018-5849 MISC |
qualcomm -- android |
In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-18070 MISC |
qualcomm -- android |
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read. | 2018-06-12 | not yet calculated | CVE-2018-3579 MISC |
qualcomm -- android |
Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2017-15843 MISC |
qualcomm -- android |
Buffer overflow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5851 MISC |
qualcomm -- android |
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | 2018-06-12 | not yet calculated | CVE-2018-5848 MISC |
qualcomm -- android |
The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. | 2018-06-15 | not yet calculated | CVE-2018-12481 MISC |
radare -- radare2 |
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. | 2018-06-13 | not yet calculated | CVE-2018-12320 MISC MISC |
radare -- radare2 |
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file. | 2018-06-13 | not yet calculated | CVE-2018-12321 MISC MISC |
radare -- radare2 |
There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file. | 2018-06-13 | not yet calculated | CVE-2018-12322 MISC MISC |
redis -- redis |
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | 2018-06-16 | not yet calculated | CVE-2018-12453 MISC MISC |
s3ql -- s3ql |
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function. | 2018-06-10 | not yet calculated | CVE-2018-12088 CONFIRM CONFIRM CONFIRM |
safensec -- softcontrol/safensoft |
Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into a user-mode process. | 2018-06-12 | not yet calculated | CVE-2018-5718 CONFIRM |
samsung -- web_viewer_for_samsung_dvr |
Smart Viewer in Samsung Web Viewer for Samsung DVR is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | 2018-06-14 | not yet calculated | CVE-2018-11689 BUGTRAQ |
sap -- hana_backup_service |
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | 2018-06-12 | not yet calculated | CVE-2018-2425 BID MISC CONFIRM |
sap -- multiple_products |
Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.51, 7.52 and version 2.0 of SAP UI for SAP NetWeaver 7.00. | 2018-06-12 | not yet calculated | CVE-2018-2428 BID MISC CONFIRM |
sap -- multiple_products |
SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Software components affected are: SAP Hana Database 1.00, 2.00; SAP UI5 1.00; SAP UI5 (Java) 7.30, 7.31, 7.40, 7,50; SAP UI 7.40, 7.50, 7.51, 7.52, and version 2.0 of SAP UI for SAP NetWeaver 7.00 | 2018-06-12 | not yet calculated | CVE-2018-2424 BID MISC CONFIRM |
seacms -- seacms |
SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). | 2018-06-14 | not yet calculated | CVE-2018-12431 MISC |
siemens -- scalance_switches |
A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. | 2018-06-14 | not yet calculated | CVE-2018-4842 CONFIRM |
siemens -- scalance_switches |
A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. | 2018-06-14 | not yet calculated | CVE-2018-4848 CONFIRM |
siemens -- scalance_switches |
A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM WiMAX (V4.4 and V4.5), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X-204RNA (All versions), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. | 2018-06-14 | not yet calculated | CVE-2018-4833 CONFIRM |
simple_password_store -- simple_password_store |
An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution. | 2018-06-14 | not yet calculated | CVE-2018-12356 MISC MISC MISC |
sonatype -- nexus_repository_manager |
Sonatype Nexus Repository Manager before 3.12.0 has XSS in multiple areas in the Administration UI. | 2018-06-11 | not yet calculated | CVE-2018-12100 CONFIRM CONFIRM CONFIRM |
splunk -- splunk |
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. | 2018-06-08 | not yet calculated | CVE-2018-11409 MISC EXPLOIT-DB |
suse -- linux_enterprise |
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1. | 2018-06-12 | not yet calculated | CVE-2011-4182 CONFIRM CONFIRM |
suse -- open-build-service |
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3. | 2018-06-11 | not yet calculated | CVE-2011-4181 CONFIRM CONFIRM |
suse -- open-build-service |
A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | 2018-06-13 | not yet calculated | CVE-2011-4183 CONFIRM CONFIRM |
symfony -- symfony |
The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. | 2018-06-13 | not yet calculated | CVE-2018-11408 FEDORA FEDORA FEDORA CONFIRM |
symfony -- symfony |
An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403. | 2018-06-13 | not yet calculated | CVE-2018-11407 CONFIRM |
symfony -- symfony |
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker. | 2018-06-13 | not yet calculated | CVE-2018-11385 FEDORA FEDORA FEDORA CONFIRM |
symfony -- symfony |
An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too many resources. | 2018-06-13 | not yet calculated | CVE-2018-11386 FEDORA FEDORA FEDORA CONFIRM |
symfony -- symfony |
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks. | 2018-06-13 | not yet calculated | CVE-2017-16652 CONFIRM |
symfony -- symfony |
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation. | 2018-06-13 | not yet calculated | CVE-2018-11406 FEDORA FEDORA FEDORA CONFIRM |
synology -- calendar |
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | 2018-06-14 | not yet calculated | CVE-2018-8927 CONFIRM |
tenable -- western_digital_tv_media_player_and_tv_live_hub |
The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allows unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi. | 2018-06-12 | not yet calculated | CVE-2018-1151 MISC |
tibco_software -- tibco_administrator |
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. | 2018-06-13 | not yet calculated | CVE-2018-5432 BID CONFIRM |
tibco_software -- tibco_administrator |
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. | 2018-06-13 | not yet calculated | CVE-2018-5433 BID CONFIRM |
tibco_software -- tibco_runtime_agent |
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1. | 2018-06-13 | not yet calculated | CVE-2018-5434 BID CONFIRM |
tinyexr -- tinyexr |
tinyexr 0.9.5 has a heap-based buffer over-read in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. | 2018-06-11 | not yet calculated | CVE-2018-12092 MISC |
tinyexr -- tinyexr |
tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h. | 2018-06-16 | not yet calculated | CVE-2018-12503 MISC MISC |
tinyexr -- tinyexr |
tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h. | 2018-06-11 | not yet calculated | CVE-2018-12093 MISC |
tinyexr -- tinyexr |
tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. | 2018-06-16 | not yet calculated | CVE-2018-12504 MISC MISC |
trend_micro -- officescan |
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability. | 2018-06-12 | not yet calculated | CVE-2018-10508 CONFIRM |
trend_micro -- officescan |
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability. | 2018-06-12 | not yet calculated | CVE-2018-10509 CONFIRM |
trend_micro -- officescan |
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability. | 2018-06-12 | not yet calculated | CVE-2018-10507 MISC CONFIRM EXPLOIT-DB |
ucmbd -- ucmbd_browser |
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 2018-06-15 | not yet calculated | CVE-2018-6496 CONFIRM |
ucmbd -- ucmbd_server |
Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 2018-06-15 | not yet calculated | CVE-2018-6497 CONFIRM |
virus_total -- yara |
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. | 2018-06-15 | not yet calculated | CVE-2018-12035 MISC MISC CONFIRM |
virus_total -- yara |
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. | 2018-06-15 | not yet calculated | CVE-2018-12034 MISC MISC CONFIRM |
vmware -- nsx_sd-wan_edge |
VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be removing this service from the product in future releases. Successful exploitation of this issue could result in remote code execution. | 2018-06-11 | not yet calculated | CVE-2018-6961 BID CONFIRM |
wolfssl -- wolfssl |
wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | 2018-06-14 | not yet calculated | CVE-2018-12436 MISC MISC MISC |
wordpress -- wordpress |
An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices. | 2018-06-13 | not yet calculated | CVE-2018-10363 MISC |
ximdex -- ximdex |
The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. | 2018-06-13 | not yet calculated | CVE-2018-12273 MISC |
ximdex -- ximdex |
xowl/request.php in Ximdex 4.0 has XSS via the content parameter. | 2018-06-13 | not yet calculated | CVE-2018-12272 MISC |
xiongmai -- uc-httpd |
Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. | 2018-06-08 | not yet calculated | CVE-2018-10088 MISC EXPLOIT-DB |
yii2 -- yii2 |
The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. | 2018-06-13 | not yet calculated | CVE-2018-12290 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/bulletins/SB18-169