Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-26 | CVE-2019-9792 | Out-of-bounds Write vulnerability in multiple products The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. | 7.5 |
2019-04-26 | CVE-2019-9791 | Type Confusion vulnerability in multiple products The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). | 7.5 |
2019-04-26 | CVE-2019-9790 | Use After Free vulnerability in Mozilla Firefox and Firefox ESR A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. | 7.5 |
2019-04-26 | CVE-2019-9789 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox Mozilla developers and community members reported memory safety bugs present in Firefox 65. | 7.5 |
2019-04-26 | CVE-2019-9788 | Out-of-bounds Write vulnerability in multiple products Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. | 7.5 |
2019-04-26 | CVE-2018-18512 | Use After Free vulnerability in Mozilla Thunderbird A use-after-free vulnerability can occur while playing a sound notification in Thunderbird. | 7.5 |
2019-04-26 | CVE-2015-9284 | Cross-Site Request Forgery (CSRF) vulnerability in Omniauth The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. | 8.8 |
2019-04-26 | CVE-2019-11542 | Out-of-bounds Write vulnerability in multiple products In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. | 7.2 |
2019-04-26 | CVE-2019-11541 | In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option may see authentication leaks. | 7.5 |
2019-04-26 | CVE-2019-11539 | OS Command Injection vulnerability in multiple products In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. | 7.2 |