Vulnerability & Exploit Database

Displaying entries 1 - 10 of 19 in total

Results for: CVE-2018-1308 Back to search

Debian: CVE-2018-5145: firefox-esr, thunderbird -- security update Vulnerability

  • Severity: 8
  • Published: June 11, 2018

Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

Debian: CVE-2018-5131: firefox-esr -- security update Vulnerability

  • Severity: 4
  • Published: June 11, 2018

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profi...

Debian: CVE-2018-5130: firefox-esr -- security update Vulnerability

  • Severity: 7
  • Published: June 11, 2018

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

Debian: CVE-2018-5129: firefox-esr, thunderbird -- security update Vulnerability

  • Severity: 5
  • Published: June 11, 2018

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Debian: CVE-2018-5127: firefox-esr, thunderbird -- security update Vulnerability

  • Severity: 7
  • Published: June 11, 2018

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Debian: CVE-2018-5125: firefox-esr, thunderbird -- security update Vulnerability

  • Severity: 7
  • Published: June 11, 2018

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59.

Huawei EulerOS: CVE-2018-12015: perl security update Vulnerability

  • Severity: 6
  • Published: June 07, 2018

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Debian: CVE-2018-1308: lucene-solr -- security update Vulnerability

  • Severity: 5
  • Published: April 09, 2018

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

SUSE: CVE-2018-7550: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: March 01, 2018

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.