Vulnerability & Exploit Database

Displaying entries 121 - 130 of 132750 in total

FreeBSD: VID-C82ECAC5-6E3F-11E8-8777-B499BAEBFEAF (CVE-2018-0732): OpenSSL -- Client DoS due to large DH parameter Vulnerability

  • Severity: 4
  • Published: June 12, 2018

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Servi...

Oracle Solaris 11: CVE-2018-5183: Vulnerability in Firefox, Thunderbird Vulnerability

  • Severity: 4
  • Published: June 11, 2018

Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Oracle Solaris 11: CVE-2018-5178: Vulnerability in Firefox, Thunderbird Vulnerability

  • Severity: 4
  • Published: June 11, 2018

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

Oracle Solaris 11: CVE-2018-5174: Vulnerability in Firefox, Thunderbird Vulnerability

  • Severity: 4
  • Published: June 11, 2018

In the Windows 10 April 2018 Update, Windows Defender SmartScreen honors the "SEE_MASK_FLAG_NO_UI" flag associated with downloaded files and will not show any UI. Files that are unknown and potentially dangerous will be allowed to run because SmartScreen will not prompt the user for a decision, and if the user is offline all files will b...

Oracle Solaris 11: CVE-2018-5170: Vulnerability in Thunderbird Vulnerability

  • Severity: 4
  • Published: June 11, 2018

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.

Oracle Solaris 11: CVE-2018-5168: Vulnerability in Firefox, Thunderbird Vulnerability

  • Severity: 4
  • Published: June 11, 2018

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR &l...