How severe is CVE-2018-0001?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2018-0001?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2018-0001

CRITICAL Year: 2018

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-416

View all →

Vulnerability Description

A remote, unauthenticated attacker may be able to execute code by exploiting a use-after-free defect found in older versions of PHP through injection of crafted data via specific PHP URLs within the context of the J-Web process. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D67; 12.3 versions prior to 12.3R12-S5; 12.3X48 versions prior to 12.3X48-D35; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D44, 14.1X53-D50; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1R3; 15.1X49 versions prior to 15.1X49-D30; 15.1X53 versions prior to 15.1X53-D70.

CVE-2008-5038

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of serv...

CWE-4162008

CVE-2010-2941

CRITICAL

CVSS:9.8(Critical)

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-fr...

CWE-4162010

CVE-2010-4197

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have un...

CWE-4162010

CVE-2010-4201

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control select...

CWE-4162010

CVE-2013-5613

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows r...

CWE-4162013

CVE-2013-5616

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23...

CWE-4162013

CVE-2018-0001

Vulnerability Description

Related Vulnerabilities

CVE-2008-5038

CVE-2010-2941

CVE-2010-4197

CVE-2010-4201

CVE-2013-5613

CVE-2013-5616