Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12405 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-5206 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| When the channel topic is set without specifying a sender, Irssi before 1.0.6 may dereference a NULL pointer. | |||||
| CVE-2018-5208 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-12 | 7.5 HIGH | 9.8 CRITICAL |
| In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings. | |||||
| CVE-2018-5207 | 2 Debian, Irssi | 2 Debian Linux, Irssi | 2019-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| When using an incomplete variable argument, Irssi before 1.0.6 may access data beyond the end of the string. | |||||
| CVE-2018-5205 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2019-03-12 | 5.0 MEDIUM | 7.5 HIGH |
| When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string. | |||||
| CVE-2018-5146 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. | |||||
| CVE-2018-16511 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2019-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. | |||||
| CVE-2018-5154 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2019-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | |||||
| CVE-2018-5155 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2019-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | |||||
| CVE-2018-5159 | 4 Canonical, Debian, Mozilla and 1 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2019-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. | |||||
| CVE-2018-18493 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-5178 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox Esr and 8 more | 2019-03-11 | 6.8 MEDIUM | 8.1 HIGH |
| A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. | |||||
| CVE-2018-18494 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2018-18492 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2019-03-11 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64. | |||||
| CVE-2017-17866 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2019-03-11 | 6.8 MEDIUM | 7.8 HIGH |
| pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. | |||||
| CVE-2018-15469 | 2 Debian, Xen | 2 Debian Linux, Xen | 2019-03-08 | 4.9 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). | |||||
| CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2019-03-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | |||||
| CVE-2015-5312 | 6 Apple, Canonical, Debian and 3 more | 13 Iphone Os, Mac Os X, Tvos and 10 more | 2019-03-08 | 7.1 HIGH | N/A |
| The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | |||||
| CVE-2015-7942 | 5 Apple, Canonical, Debian and 2 more | 9 Iphone Os, Mac Os X, Tvos and 6 more | 2019-03-08 | 6.8 MEDIUM | N/A |
| The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. | |||||
| CVE-2015-8035 | 4 Apple, Canonical, Debian and 1 more | 7 Iphone Os, Mac Os X, Tvos and 4 more | 2019-03-08 | 2.6 LOW | N/A |
| The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | |||||