Vulnerabilities > Canonical > Ubuntu Linux > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-18 | CVE-2018-5186 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 60. | 7.5 |
| 2018-10-18 | CVE-2018-12378 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. | 7.5 |
| 2018-10-18 | CVE-2018-12377 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. | 7.5 |
| 2018-10-18 | CVE-2018-12376 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. | 7.5 |
| 2018-10-18 | CVE-2018-12369 | Incorrect Authorization vulnerability in Mozilla Firefox and Firefox ESR WebExtensions bundled with embedded experiments were not correctly checked for proper authorization. | 7.5 |
| 2018-10-18 | CVE-2018-12364 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. | 8.8 |
| 2018-10-18 | CVE-2018-12363 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. | 8.8 |
| 2018-10-18 | CVE-2018-12362 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. | 8.8 |
| 2018-10-18 | CVE-2018-12360 | Use After Free vulnerability in multiple products A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. | 8.8 |
| 2018-10-17 | CVE-2018-18445 | Out-of-bounds Read vulnerability in multiple products In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. | 7.8 |