Max CVSS 10.0 Min CVSS 0.0 Total Count15591
IDCVSSSummaryLast (major) updatePublished
CVE-2018-6116 None
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6115 None
Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6108 None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6107 None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6105 None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6104 None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6103 None
A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to bypass permission policy via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6102 None
Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6101 None
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6099 None
A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6098 None
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6095 None
Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to read local files via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6094 None
Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6092 None
An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6090 None
An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6089 None
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6088 None
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6087 None
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6086 None
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-6085 None
Re-entry of a destructor in Networking Disk Cache in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
04-12-2018 - 12:29 04-12-2018 - 12:29
CVE-2018-15715 None
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a
30-11-2018 - 15:29 30-11-2018 - 15:29
CVE-2018-15981 None
Flash Player versions 31.0.0.148 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
29-11-2018 - 15:29 29-11-2018 - 15:29
CVE-2018-15980 5.0
Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
29-11-2018 - 15:29 29-11-2018 - 15:29
CVE-2018-15979 None
Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Successful exploitation could lead to information disclosure.
29-11-2018 - 15:29 29-11-2018 - 15:29
CVE-2018-15978 None
Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
29-11-2018 - 15:29 29-11-2018 - 15:29
CVE-2018-19628 None
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19627 None
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19626 None
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19625 None
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19624 None
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19623 None
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-19622 None
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
28-11-2018 - 23:29 28-11-2018 - 23:29
CVE-2018-8529 None
A remote code execution vulnerability exists when Team Foundation Server (TFS) does not enable basic authorization on the communication between the TFS and Search services, aka "Team Foundation Server Remote Code Execution Vulnerability." This affect
15-11-2018 - 14:29 15-11-2018 - 14:29
CVE-2018-6083 None
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6082 None
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6081 None
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6080 None
Lack of access control checks in Instrumentation in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to obtain memory metadata from privileged processes .
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6079 None
Inappropriate sharing of TEXTURE_2D_ARRAY/TEXTURE_3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6078 None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6077 None
Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6076 None
Insufficient encoding of URL fragment identifiers in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform a DOM based XSS attack via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6075 None
Incorrect handling of specified filenames in file downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page and user interaction.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6074 None
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6073 None
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6072 None
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6071 None
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6070 None
Lack of CSP enforcement on WebUI pages in Bink in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6069 None
Stack buffer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6068 None
Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6067 None
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6066 None
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6065 None
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6064 None
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6063 None
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6062 None
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6061 None
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6060 None
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-6057 None
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17477 None
Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17476 None
Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17475 None
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17474 None
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17473 None
Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17472 None
Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17471 None
Incorrect dialog placement in WebContents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17469 None
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17468 None
Incorrect handling of timer information during navigation in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obtain cross origin URLs via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17467 None
Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17466 None
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17465 None
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17464 None
Incorrect handling of history on iOS in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17463 None
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-17462 None
Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.
14-11-2018 - 10:29 14-11-2018 - 10:29
CVE-2018-8602 None
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8592 None
An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows Server 2019.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8589 None
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8588 None
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8584 None
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019,
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8582 None
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outl
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8581 None
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8578 None
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft Share
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8577 None
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Micro
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8576 None
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft O
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8575 None
A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8574 None
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Micro
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8573 None
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. T
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8572 None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8570 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8568 None
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8567 None
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation o
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8566 None
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8565 None
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka "Win32k Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, W
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8564 None
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8563 None
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Wi
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8562 None
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8561 None
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windo
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8557 None
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8556 None
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8555 None
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8554 None
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-201
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8553 None
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8552 None
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Cor
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8551 None
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8550 None
An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8549 None
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8547 None
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directo
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8546 None
A denial of service vulnerability exists in Skype for Business, aka "Microsoft Skype for Business Denial of Service Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Lync, Skype.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8545 None
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8544 None
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Ser
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8543 None
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8542 None
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8541 None
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8539 None
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8524 None
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft O
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8522 None
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft O
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8485 None
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windo
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8476 None
A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Wi
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8471 None
An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability." This affects Windo
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8454 None
An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8450 None
A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8417 None
A security feature bypass vulnerability exists in Microsoft JScript that could allow an attacker to bypass Device Guard, aka "Microsoft JScript Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019,
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8416 None
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8415 None
A tampering vulnerability exists in PowerShell that could allow an attacker to execute unlogged code, aka "Microsoft PowerShell Tampering Vulnerability." This affects Windows 7, PowerShell Core 6.1, Windows Server 2012 R2, Windows RT 8.1, PowerShell
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8408 None
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8407 None
An information disclosure vulnerability exists when "Kernel Remote Procedure Call Provider" driver improperly initializes objects in memory, aka "MSRPC Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-8256 None
A remote code execution vulnerability exists when PowerShell improperly handles specially crafted files, aka "Microsoft PowerShell Remote Code Execution Vulnerability." This affects Windows RT 8.1, PowerShell Core 6.0, Microsoft.PowerShell.Archive 1.
13-11-2018 - 20:29 13-11-2018 - 20:29
CVE-2018-5188 7.5
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabi
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5187 7.5
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunde
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5186 7.5
Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-5156 7.5
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12387 6.4
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as pa
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12386 5.8
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12385 4.4
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to w
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12383 2.1
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format star
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12382 5.0
The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12381 5.0
Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are incorrectly interpreted as a URL. *Note: this issue only affects Windows operating systems with Outlook instal
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12379 4.6
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system wit
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12378 7.5
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62,
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12377 7.5
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12376 7.5
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fire
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12375 6.8
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12374 None
Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12373 None
dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12372 None
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12370 6.8
In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affe
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12369 7.5
WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. This allowed a malicious WebExtension to gain full browser permissions. This vulnerability affects Firefox ESR < 60.1 and Firefox < 61.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12368 9.3
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12367 4.3
In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12366 4.3
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12365 4.3
A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12364 6.8
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) at
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12363 6.8
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentia
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12362 6.8
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR <
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12361 6.8
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnera
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12360 6.8
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12359 6.8
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-12358 4.3
Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2016-9069 6.8
A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
18-10-2018 - 09:29 18-10-2018 - 09:29
CVE-2018-15974 None
Adobe Framemaker versions 1.0.5.1 and below have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12823 10.0
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12822 10.0
Adobe Digital Editions versions 4.5.8 and below have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12821 5.0
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12820 5.0
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12819 5.0
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12818 5.0
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12816 5.0
Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12814 10.0
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-12813 10.0
Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
17-10-2018 - 14:29 17-10-2018 - 14:29
CVE-2018-3214 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulner
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3211 3.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3209 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3183 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerabil
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3180 6.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3169 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthentica
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3157 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3150 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3149 5.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3139 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows un
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-3136 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unau
16-10-2018 - 21:31 16-10-2018 - 21:31
CVE-2018-6974 None
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This iss
16-10-2018 - 15:29 16-10-2018 - 15:29
CVE-2018-15968 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15966 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15956 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15955 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15954 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15953 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15952 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15951 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15950 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15949 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15948 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15947 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15946 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15945 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15944 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15943 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15942 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15941 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15940 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15939 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15938 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15937 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15936 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15935 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15934 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15933 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15932 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15931 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15930 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15929 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15928 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15927 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15926 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15925 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15924 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15923 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15922 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-15920 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12881 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12880 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12879 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12878 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12877 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12876 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12875 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12874 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12873 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12872 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12871 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12870 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12869 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12868 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12867 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12866 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12865 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12864 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12863 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12862 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12861 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12860 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12859 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12858 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12857 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12856 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12855 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12853 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12852 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12851 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12847 6.8
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12846 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12845 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12844 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12843 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12842 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12841 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12839 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12838 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12837 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12836 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12835 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12834 4.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12833 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12832 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12831 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12769 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-12759 9.3
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
12-10-2018 - 14:29 12-10-2018 - 14:29
CVE-2018-18227 5.0
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
12-10-2018 - 02:29 12-10-2018 - 02:29
CVE-2018-18226 7.8
In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach.
12-10-2018 - 02:29 12-10-2018 - 02:29
CVE-2018-18225 5.0
In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
12-10-2018 - 02:29 12-10-2018 - 02:29
CVE-2018-8533 4.3
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability."
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8532 4.3
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability."
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8530 4.3
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8527 4.3
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." T
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8518 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8513 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8512 5.8
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Micr
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8511 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8510 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8509 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8506 1.9
An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windo
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8505 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8504 9.3
A remote code execution vulnerability exists in Microsoft Word software when the software fails to properly handle objects in Protected View, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Office 3
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8503 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8502 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in Protected View, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Offic
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8501 9.3
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Power
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8498 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8497 None
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Serv
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8495 7.6
A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8494 9.3
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8493 5.0
An information disclosure vulnerability exists when the Windows TCP/IP stack improperly handles fragmented IP packets, aka "Windows TCP/IP Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8492 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8491 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8490 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8489 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8488 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8486 2.1
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8484 7.2
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8482 2.6
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows S
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8481 2.6
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows S
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8480 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8473 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8472 2.1
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnera
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8460 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8453 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8448 5.8
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8432 9.3
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office W
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8427 2.1
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Office Word View
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8423 9.3
A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows S
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8413 9.3
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8411 7.2
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Serv
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8333 6.9
An Elevation of Privilege vulnerability exists in Filter Manager when it improperly handles objects in memory, aka "Microsoft Filter Manager Elevation Of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Window
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8330 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8329 7.2
An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8320 4.0
A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Serve
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8292 5.0
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerS
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8265 9.3
A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-3997 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrar
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-3996 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-3992 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrar
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-3945 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-3942 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-3941 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-3940 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-16297 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-16296 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, and CVE-2
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-16295 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-16294 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16295, CVE-2018-16296, and CVE-2
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-16293 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-16292 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-16291 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2
08-10-2018 - 12:29 08-10-2018 - 12:29
CVE-2018-3995 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
03-10-2018 - 11:29 03-10-2018 - 11:29
CVE-2018-3994 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary
03-10-2018 - 11:29 03-10-2018 - 11:29
CVE-2018-3993 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary
03-10-2018 - 11:29 03-10-2018 - 11:29
CVE-2018-3967 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary
03-10-2018 - 11:29 03-10-2018 - 11:29
CVE-2018-3966 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary
03-10-2018 - 11:29 03-10-2018 - 11:29
CVE-2018-3965 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary
03-10-2018 - 11:29 03-10-2018 - 11:29
CVE-2018-3964 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary
03-10-2018 - 11:29 03-10-2018 - 11:29
CVE-2018-3946 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
03-10-2018 - 11:29 03-10-2018 - 11:29
CVE-2018-3962 6.0
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick
02-10-2018 - 17:29 02-10-2018 - 17:29
CVE-2018-3961 6.8
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the u
02-10-2018 - 17:29 02-10-2018 - 17:29
CVE-2018-3960 6.8
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the
02-10-2018 - 17:29 02-10-2018 - 17:29
CVE-2018-3959 6.8
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the us
02-10-2018 - 17:29 02-10-2018 - 17:29
CVE-2018-3958 6.8
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the u
02-10-2018 - 17:29 02-10-2018 - 17:29
CVE-2018-3957 6.8
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the
02-10-2018 - 17:29 02-10-2018 - 17:29
CVE-2018-3944 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
02-10-2018 - 17:29 02-10-2018 - 17:29
CVE-2018-3943 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
02-10-2018 - 17:29 02-10-2018 - 17:29
CVE-2018-17781 5.0
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled.
29-09-2018 - 13:29 29-09-2018 - 13:29
CVE-2018-6054 6.8
Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6053 4.3
Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6052 4.3
Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it had opted out of sending referrer data.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6051 4.3
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6050 4.3
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6049 4.3
Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6048 4.3
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6047 4.3
Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6046 4.3
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6045 4.3
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6043 6.8
Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6042 4.3
Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6041 4.3
Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6040 4.3
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6039 4.3
Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6038 4.3
Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6037 4.3
Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6036 4.3
Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6035 6.8
Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6034 5.8
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6033 6.8
Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6032 4.3
Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-6031 6.8
Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
25-09-2018 - 10:29 25-09-2018 - 10:29
CVE-2018-15967 5.0
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15965 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15964 5.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15963 5.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15962 5.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15961 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15960 6.4
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15959 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15958 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-15957 10.0
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-12850 5.0
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-12849 5.0
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-12848 7.5
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-12840 5.0
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-12801 5.0
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-12778 5.0
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-12775 5.0
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
25-09-2018 - 09:29 25-09-2018 - 09:29
CVE-2018-12086 None
Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.
14-09-2018 - 17:29 14-09-2018 - 17:29
CVE-2018-8475 6.8
A remote code execution vulnerability exists when Windows does not properly handle specially crafted image files, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8470 4.3
A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Exp
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8469 4.3
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8468 4.3
An elevation of privilege vulnerability exists when Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Wind
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8467 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8466 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8465 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8464 9.3
An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8463 4.3
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8462 7.2
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, W
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8461 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8459 7.6
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-20
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8457 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8456 7.6
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-20
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8455 4.6
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8452 4.3
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Mic
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8449 2.1
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8447 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8446 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8445 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8444 4.3
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka "Windows SMB Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 10, Windo
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8443 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8442 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8441 4.6
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8440 7.2
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8439 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8438 6.8
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects W
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8437 5.5
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects W
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8436 5.5
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects W
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8435 2.3
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8434 5.2
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This a
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8433 1.9
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8431 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8430 9.3
A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8429 4.3
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8428 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8426 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsof
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8425 4.3
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8424 None
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8421 10.0
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Fr
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8420 9.3
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8419 2.1
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows S
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8410 7.2
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8409 5.0
A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8393 9.3
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8392 9.3
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8367 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8366 2.6
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8354 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8337 4.6
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8336 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID i
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8335 7.8
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8332 9.3
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8315 4.0
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Int
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-8271 2.1
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, W
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-0965 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Window
12-09-2018 - 20:29 12-09-2018 - 20:29
CVE-2018-16802 6.8
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe
10-09-2018 - 12:29 10-09-2018 - 12:29
CVE-2018-16585 6.8
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allow
06-09-2018 - 10:29 06-09-2018 - 10:29
CVE-2018-16543 6.8
In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16542 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16541 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16540 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16539 4.3
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
05-09-2018 - 14:29 05-09-2018 - 14:29
CVE-2018-16513 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 09:29 05-09-2018 - 09:29
CVE-2018-16511 6.8
An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.
05-09-2018 - 02:29 05-09-2018 - 02:29
CVE-2018-16509 9.3
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instr
05-09-2018 - 02:29 05-09-2018 - 02:29
CVE-2018-15514 6.5
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This wo
31-08-2018 - 21:29 31-08-2018 - 21:29
CVE-2018-16058 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure.
29-08-2018 - 21:29 29-08-2018 - 21:29
CVE-2018-16057 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations.
29-08-2018 - 21:29 29-08-2018 - 21:29
CVE-2018-16056 5.0
In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth Attribute Protocol dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by verifying that a dissector for a specific UUID exists.
29-08-2018 - 21:29 29-08-2018 - 21:29
CVE-2018-5003 6.8
Adobe Creative Cloud Desktop Application before 4.5.5.342 (installer) has an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12829 7.5
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12828 7.5
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12827 5.0
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12826 5.0
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12825 7.5
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12824 4.3
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12811 7.5
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12810 7.5
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12808 7.5
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2018-12799 6.8
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
29-08-2018 - 09:29 29-08-2018 - 09:29
CVE-2017-15429 4.3
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15399 9.3
A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15398 7.5
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
28-08-2018 - 16:29 28-08-2018 - 16:29
CVE-2017-15427 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15426 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15425 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15424 4.3
Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15423 5.0
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15422 4.3
Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15420 4.3
Inappropriate implementation in browser navigation in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15419 4.3
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15418 4.3
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15417 2.6
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15416 4.3
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15415 4.3
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15413 6.8
Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15412 6.8
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15411 6.8
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15410 6.8
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15409 6.8
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15408 6.8
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2017-15407 6.8
Out-of-bounds Write in the QUIC networking stack in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to gain code execution via a malicious server.
28-08-2018 - 15:29 28-08-2018 - 15:29
CVE-2018-15911 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.
28-08-2018 - 00:29 28-08-2018 - 00:29
CVE-2018-15910 6.8
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-15909 6.8
In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-15908 6.8
In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.
27-08-2018 - 13:29 27-08-2018 - 13:29
CVE-2018-8414 9.3
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8406 7.2
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, W
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8405 7.2
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8404 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Wi
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8403 7.6
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8401 7.2
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, W
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8400 7.2
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. Th
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8399 6.9
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8398 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8397 9.3
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8396 1.9
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8394 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Win
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8390 7.6
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-20
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8389 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8388 4.3
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8387 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8377.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8385 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11,
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8383 4.3
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8382 4.3
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8381 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8380 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8379 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8378 4.3
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This a
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8377 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8387.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8376 9.3
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8375 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, M
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8374 4.0
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8373 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8372 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8371 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8370 4.3
A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8360 5.0
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framewo
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8358 4.3
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8357 5.1
An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." This affects Internet Explorer 11, Microsoft Edge.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8355 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8353 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8351 4.3
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explor
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8350 9.3
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8349 9.3
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wind
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8348 1.9
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8347 7.2
An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windo
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8346 9.3
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8345 7.6
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windo
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8344 9.3
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8343 7.2
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affec
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8342 7.2
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affec
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8341 1.9
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 201
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8340 4.0
A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Ser
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8339 6.9
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This af
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8316 7.6
A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8302 10.0
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8273 10.0
A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8266 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8253 2.1
An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8204 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8200 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-0952 7.2
An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Window
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-6973 7.2
VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.
15-08-2018 - 08:29 15-08-2018 - 08:29
CVE-2018-3646 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fau
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-3620 4.7
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel an
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-3615 5.4
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a si
14-08-2018 - 15:29 14-08-2018 - 15:29
CVE-2018-6970 4.0
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less
13-08-2018 - 17:48 13-08-2018 - 17:48
CVE-2018-3939 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code
01-08-2018 - 16:29 01-08-2018 - 16:29
CVE-2018-3924 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary c
01-08-2018 - 16:29 01-08-2018 - 16:29
CVE-2018-11050 3.3
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component. User credentials are sen
01-08-2018 - 02:29 01-08-2018 - 02:29
CVE-2017-2640 7.5
An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.
27-07-2018 - 14:29 27-07-2018 - 14:29
CVE-2018-6971 2.1
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation
25-07-2018 - 09:29 25-07-2018 - 09:29
CVE-2017-3210 7.2
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissio
24-07-2018 - 11:29 24-07-2018 - 11:29
CVE-2018-13386 6.8
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain co
24-07-2018 - 09:29 24-07-2018 - 09:29
CVE-2018-13385 7.5
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code e
24-07-2018 - 09:29 24-07-2018 - 09:29
CVE-2018-5070 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5069 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5068 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5067 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5066 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5065 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5064 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5063 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5062 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5061 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5060 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5059 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5058 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5057 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5056 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5055 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5054 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5053 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5052 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5051 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5050 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5049 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5048 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5047 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5046 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5045 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5044 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5043 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5042 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5041 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5040 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5039 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5038 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5037 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5036 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5035 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5034 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5033 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5032 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5031 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5030 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the contex
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5029 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5028 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5027 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5026 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5025 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5024 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5023 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5022 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5021 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5020 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5019 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5018 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5017 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5016 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5015 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5014 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5012 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the contex
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5011 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5010 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5009 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5008 5.0
Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-5007 6.8
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12815 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12812 10.0
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12803 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12802 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12798 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12797 9.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12796 9.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12795 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12794 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12793 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12792 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12791 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12790 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12789 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12788 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12787 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12786 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12785 7.5
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12784 7.5
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12783 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12782 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current us
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12781 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12780 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12779 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12777 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12776 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12774 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12773 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12772 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12771 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12770 6.8
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12768 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12767 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12766 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12765 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12764 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12763 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12762 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12761 4.3
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12760 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12758 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12757 5.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12756 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12755 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-12754 10.0
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
20-07-2018 - 15:29 20-07-2018 - 15:29
CVE-2018-14442 7.5
Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs.
20-07-2018 - 08:29 20-07-2018 - 08:29
CVE-2018-14370 5.0
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14369 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14368 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14367 5.0
In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14344 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14343 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14342 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14341 7.8
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14340 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-14339 5.0
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
18-07-2018 - 22:29 18-07-2018 - 22:29
CVE-2018-2973 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unau
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2972 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocol
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2964 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2952 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult t
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2942 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2941 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2940 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows u
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2018-2938 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul
18-07-2018 - 09:29 18-07-2018 - 09:29
CVE-2013-0522 1.9
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password tra
16-07-2018 - 10:29 16-07-2018 - 10:29
CVE-2018-6969 4.4
VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order
13-07-2018 - 09:29 13-07-2018 - 09:29
CVE-2018-11529 6.8
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
11-07-2018 - 12:29 11-07-2018 - 12:29
CVE-2018-8356 2.1
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8325 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8324 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8323 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8314 4.3
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Ser
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8313 7.2
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8312 9.3
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8311 6.8
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microso
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8310 5.0
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8309 4.9
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windo
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8308 8.5
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Serv
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8307 6.8
A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, W
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8304 7.1
A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8301 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-20
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8300 6.8
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8299 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8297 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8296 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CV
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8294 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8291 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8290 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8289 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8288 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8287 7.6
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Inter
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8286 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8284 9.3
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Micros
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8282 7.2
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8281 9.3
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPo
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8280 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8279 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8278 5.8
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8276 4.3
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8275 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8274 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-20
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8262 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8274, CVE-20
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8260 6.8
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8242 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8238 9.3
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8222 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8206 7.8
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Serve
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8202 7.2
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Fram
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8172 9.3
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio,
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8171 5.0
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, A
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8125 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-20
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-0949 4.3
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-5002 10.0
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-5001 4.3
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-5000 4.3
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4996 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4995 7.5
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4993 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4990 6.8
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current us
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4989 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4988 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4987 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the contex
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4986 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4985 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4984 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4983 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4982 6.8
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4981 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4980 6.8
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4979 4.3
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4978 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4977 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4976 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4975 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4974 6.8
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4973 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4972 4.3
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4971 6.8
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4970 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4969 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4968 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4967 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4966 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4965 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4964 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4963 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4962 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4961 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4960 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4959 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4958 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4957 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4956 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4955 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4954 6.8
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4953 6.8
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4952 6.8
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4951 4.3
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4950 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the c
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4949 5.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4948 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4947 10.0
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4946 6.8
Adobe Photoshop CC versions 19.1.3 and earlier, 18.1.3 and earlier, and 18.1.2 and earlier have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-4945 6.8
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
09-07-2018 - 15:29 09-07-2018 - 15:29
CVE-2018-13785 4.3
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
09-07-2018 - 09:29 09-07-2018 - 09:29
CVE-2018-3665 4.7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
21-06-2018 - 16:29 21-06-2018 - 16:29
CVE-2018-5237 6.5
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower acce
20-06-2018 - 12:29 20-06-2018 - 12:29
CVE-2018-5236 3.5
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
20-06-2018 - 12:29 20-06-2018 - 12:29
CVE-2018-8267 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8254 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8252 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8251 7.6
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012,
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8249 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8248 9.3
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8247 5.8
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Offic
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8246 4.3
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8245 6.8
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsof
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8244 4.3
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8239 4.3
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8236 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8111.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8235 4.3
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8234 4.3
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8233 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8231 9.3
A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8229 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8227 7.6
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8226 7.8
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Wind
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8225 9.3
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Wind
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8224 6.9
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8221 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8219 4.6
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10,
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8218 6.8
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects W
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8217 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8216 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8215 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8214 6.9
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 S
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8213 7.2
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8212 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8211 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8210 7.2
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8209 2.7
An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 20
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8208 6.9
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 S
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8207 1.9
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 200
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8205 4.9
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Serve
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8201 4.4
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windo
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8175 7.1
An denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerability." This affects Windows 10 Servers, Windows 10.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8169 6.9
An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Win
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8140 4.6
An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8121 1.9
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-20
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8113 4.3
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8111 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8110 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-1040 5.4
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-1036 6.9
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-0982 6.9
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-0978 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-0871 4.3
An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234.
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-5185 4.3
Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5184 5.0
Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5183 7.5
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 5
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5182 5.0
If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5181 5.0
If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more rel
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5180 5.0
A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same call
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5178 6.8
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affec
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5177 5.0
A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox < 60.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5176 4.3
The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running t
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5175 4.3
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" lib
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5174 5.0
In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartSc
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5173 5.0
The filename appearing in the "Downloads" panel improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel. Note: th
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5172 4.3
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste mali
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5170 4.3
It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5169 4.3
If manipulated hyperlinked text with "chrome:" URL contained in it is dragged and dropped on the "home" icon, the home page can be reset to include a normally-unlinkable chrome page as one of the home page tabs. This vulnerability affects Firefox < 6
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5168 5.0
Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5167 4.3
The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Add
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5166 5.0
WebExtensions can use request redirection and a "filterReponseData" filter to bypass host permission settings to redirect network traffic and access content from a host for which they do not have explicit user permission. This vulnerability affects F
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5165 5.0
In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting i
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5164 4.3
Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and ot
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5163 5.1
If a malicious attacker has used another vulnerability to gain full control over a content process, they may be able to replace the alternate data resources stored in the JavaScript Start-up Bytecode Cache (JSBC) for other JavaScript code. If the par
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5162 5.0
Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5161 4.3
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5160 5.0
WebRTC can use a "WrappedI420Buffer" pixel buffer but the owning image object can be freed while it is still in use. This can result in the WebRTC encoder using uninitialized memory, leading to a potentially exploitable crash. This vulnerability affe
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5159 7.5
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This v
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5158 6.8
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnera
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5157 5.0
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5155 7.5
A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox E
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5154 7.5
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Fir
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5153 5.0
If websocket data is sent with mixed text and binary in a single message, the binary data can be corrupted. This can result in an out-of-bounds read with the read memory sent to the originating server in response. This vulnerability affects Firefox <
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5152 4.3
WebExtensions with the appropriate permissions can attach content scripts to Mozilla sites such as accounts.firefox.com and listen to network traffic to the site through the "webRequest" API. For example, this allows for the interception of username
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5151 10.0
Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5150 7.5
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This v
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5148 7.5
A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5147 7.5
The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5146 6.8
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5145 7.5
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 an
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5144 7.5
An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5143 4.3
URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will e
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5142 5.0
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5141 6.4
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted conte
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5140 5.0
Image for moz-icons can be accessed through the "moz-icon:" protocol through script in web content even when otherwise prohibited. This could allow for information leakage of which applications are associated with specific MIME types by a malicious p
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5138 5.0
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5137 5.0
A legacy extension's non-contentaccessible, defined resources can be loaded by an arbitrary web page through script. This script does this by using a maliciously crafted path string to reference the resources. Note: this vulnerability does not affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5136 5.0
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox < 59.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5135 5.0
WebExtensions can bypass normal restrictions in some circumstances and use "browser.tabs.executeScript" to inject scripts into contexts where this should not be allowed, such as pages from other WebExtensions or unprivileged "about:" pages. This vuln
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5134 5.0
WebExtensions may use "view-source:" URLs to view local "file:" URL content, as well as content stored in "about:cache", bypassing restrictions that only allow WebExtensions to view specific content. This vulnerability affects Firefox < 59.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5133 4.3
If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" d
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5132 4.3
The Find API for WebExtensions can search some privileged pages, such as "about:debugging", if these pages are open in a tab. This could allow a malicious WebExtension to search for otherwise protected data if a user has it open. This vulnerability a
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5131 4.3
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5130 6.8
When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5129 5.0
A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunde
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5128 7.5
A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5127 6.8
A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5126 7.5
Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5125 6.8
Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5122 7.5
A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5121 5.0
Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affe
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5119 5.0
The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox < 5
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5118 5.0
The screenshot images displayed in the Activity Stream page displayed when a new tab is opened is created from the meta tags of websites. An issue was discovered where the page could attempt to create these images through "file:" URLs from the local
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5117 5.0
If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can misle
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5116 7.5
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5115 5.0
If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in use
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5114 5.0
If an existing cookie is changed to be "HttpOnly" while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie. This vulnerability affects Fir
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5113 5.0
The "browser.identity.launchWebAuthFlow" function of WebExtensions is only allowed to load content over "https:" but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension. This vulnerabi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5112 5.0
Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5111 4.3
When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identify o
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5110 5.0
If cursor visibility is toggled by script using from 'none' to an image and back through script, the cursor will be rendered temporarily invisible within Firefox. Note: This vulnerability only affects OS X. Other operating systems are not affected. T
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5109 5.0
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making t
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5108 4.3
A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5107 5.0
The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that so
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5106 5.0
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cr
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5105 7.2
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5104 7.5
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5103 7.5
A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5102 7.5
A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5101 5.0
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5100 5.0
A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5099 7.5
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5098 7.5
A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefo
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5097 7.5
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5096 7.5
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5095 7.5
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerabilit
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5094 5.0
A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5093 5.0
A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5092 7.5
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5091 7.5
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5090 10.0
Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2018-5089 7.5
Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7848 5.0
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7847 4.3
Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7846 6.8
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View -> Feed article -> Website" or in the standard format of "View -> Feed article -> default format". This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7845 9.3
A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially expl
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7844 4.3
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: Th
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7843 5.0
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple pr
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7842 5.0
If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "<link>" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7840 4.3
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7839 4.3
Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7838 5.0
Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7837 5.0
SVG loaded through "<img>" tags can use "<meta>" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7836 4.6
The "pingsender" executable used by the Firefox Health Report dynamically loads a system copy of libcurl, which an attacker could replace. This allows for privilege escalation as the replaced libcurl code will run with Firefox's privileges. Note: Thi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7835 7.5
Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vuln
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7834 4.3
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context o
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7833 5.0
Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows fo
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7832 5.0
The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7831 5.0
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7830 4.3
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderb
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7829 5.0
It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbir
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7828 7.5
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7827 10.0
Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7826 10.0
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7824 7.5
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. Thi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7823 4.3
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launch
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7822 5.0
The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7821 7.5
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnera
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7820 5.0
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandl
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7819 7.5
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7818 7.5
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7817 5.0
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affec
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7816 5.0
WebExtensions could use popups and panels in the extension UI to load an "about:" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7815 5.0
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7814 6.8
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users int
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7813 6.4
Inside the JavaScript parser, a cast of an integer to a narrower type can result in data read from outside the buffer being parsed. This usually results in a non-exploitable crash, but can leak a limited amount of information from memory if it matche
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7812 5.0
If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This v
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7811 10.0
Memory safety bugs were reported in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7810 10.0
Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7809 7.5
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox E
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7808 5.0
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability a
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7807 5.8
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7806 5.0
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7805 5.0
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocat
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7804 5.0
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memor
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7803 5.0
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7802 7.5
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements ar
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7801 7.5
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7800 7.5
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR <
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7799 4.3
JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7798 6.8
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. Th
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7797 5.0
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7796 3.3
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with an
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7794 4.6
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions. Note: This attack only affects the
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7793 7.5
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7792 7.5
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firef
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7791 5.0
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects T
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7790 5.0
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7789 5.0
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection. This vulnerability affects Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7788 7.5
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vul
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7787 5.0
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7786 7.5
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7785 7.5
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7784 7.5
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7783 5.0
If a long user name is used in a username/password combination in a site URL (such as " http://UserName:Password@example.com"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability a
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7782 5.0
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. Thi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7781 4.3
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection,
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7780 7.5
Memory safety bugs were reported in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7779 10.0
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This v
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7778 7.5
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7768 2.1
The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. The Mozilla Maintena
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7767 2.1
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7766 4.6
An attack using manipulation of "updater.ini" contents, used by the Mozilla Windows Updater, and privilege escalation through the Mozilla Maintenance Service to allow for arbitrary file execution and deletion by the Maintenance Service, which has pri
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7765 5.0
The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the In
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7764 5.0
Characters from the "Canadian Syllabics" unicode block can be mixed with characters from other unicode blocks in the addressbar instead of being rendered as their raw "punycode" form, allowing for domain name spoofing attacks through character confus
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7762 5.0
When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7761 3.6
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junct
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7760 4.6
The Mozilla Windows updater modifies some files to be updated by reading the original file and applying changes to it. The location of the original file can be altered by a malicious user by passing a special path to the callback parameter through th
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7758 6.4
An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7757 7.5
A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7756 7.5
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7755 6.8
The Firefox installer on Windows can be made to load malicious DLL files stored in the same directory as the installer when it is run. This allows privileged execution if the installer is run with elevated privileges. Note: This attack only affects W
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7754 5.0
An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7753 6.4
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7752 6.8
A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigge
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7751 7.5
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7750 7.5
A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Fire
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-7749 7.5
A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5472 7.5
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5471 7.5
Memory safety bugs were reported in Firefox 53. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5470 7.5
Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5469 7.5
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5468 6.4
An issue with incorrect ownership model of "privateBrowsing" information exposed through developer tools. This can result in a non-exploitable crash when manually triggered during debugging. This vulnerability affects Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5467 5.0
A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5466 4.3
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5465 6.4
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5464 7.5
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firef
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5462 5.0
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5460 7.5
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5459 7.5
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5458 4.3
When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5456 7.5
A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5455 5.0
The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability aff
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5454 5.0
A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5453 4.3
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerabilit
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5451 4.3
A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5449 5.0
A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5448 7.5
An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Clearkey-encrypted media content. The "ClearKeyDecryptor" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerabil
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5447 6.4
An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5446 7.5
An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Fi
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5445 5.0
A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2017-5444 5.0