Skip to main content

Backports Sle

309 CVEs product

Monthly

CVE-2020-7043 CRITICAL PATCH Act Now

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2020-7042 MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-7041 MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-9273 HIGH This Week

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Proftpd Debian Linux +5
NVD GitHub
CVSS 3.1
8.8
EPSS
12.0%
CVE-2020-9272 HIGH PATCH This Week

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Proftpd Simatic Net Cp 1543 1 Firmware Simatic Net Cp 1545 1 Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-8955 CRITICAL PATCH Act Now

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Weechat Fedora Backports Sle +2
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-6416 HIGH POC This Week

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6415 HIGH POC This Week

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6414 HIGH This Week

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Backports Sle
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6413 HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Backports Sle
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-6412 MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-6408 MEDIUM POC This Month

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-6404 HIGH POC This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-6403 MEDIUM POC This Month

Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Chrome Backports Sle +6
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-6402 HIGH This Week

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-6401 MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-6400 MEDIUM POC This Month

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-6399 MEDIUM This Month

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-6398 HIGH PATCH This Week

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-6397 MEDIUM POC This Month

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-6396 MEDIUM POC This Month

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2020-6394 MEDIUM POC This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
5.4
EPSS
1.7%
CVE-2020-6393 MEDIUM PATCH This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-6392 MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-6391 MEDIUM POC This Month

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-6390 HIGH POC This Week

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-6385 HIGH POC This Week

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Backports Sle Fedora +5
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6382 HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +6
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6381 HIGH POC This Week

Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Backports Sle +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2020-8118 MEDIUM POC This Month

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud SSRF Nextcloud Server Backports Sle Suse Linux Enterprise Server
NVD
CVSS 3.1
5.0
EPSS
1.3%
CVE-2020-7040 HIGH PATCH This Week

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Storebackup Debian Linux Backports Sle Leap +1
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2020-7106 MEDIUM POC This Month

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti Debian Linux Backports Sle +4
NVD GitHub
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-6377 HIGH POC This Week

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-1765 MEDIUM PATCH This Month

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Otrs Debian Linux Backports Sle Leap
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-6615 MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6614 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-6613 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-6612 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-6611 MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6609 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-20015 MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20014 HIGH POC PATCH This Week

An issue was discovered in GNU LibreDWG before 0.93. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-20013 MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20012 MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20011 HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-20010 HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Libredwg Backports Sle +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-20009 MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-19925 HIGH PATCH This Week

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Sqlite Sinec Infrastructure Network Services Mysql Workbench Debian Linux +7
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-19923 HIGH PATCH This Week

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Sinec Infrastructure Network Services Mysql Workbench +8
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-19926 HIGH PATCH This Week

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Sinec Infrastructure Network Services Mysql Workbench +8
NVD GitHub
CVSS 3.1
7.5
EPSS
7.0%
CVE-2019-19918 HIGH POC This Week

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Lout Backports Sle Fedora +1
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-19917 HIGH POC This Week

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lout Backports Sle Leap Fedora
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-19880 HIGH PATCH This Week

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Cloud Backup Debian Linux +8
NVD GitHub
CVSS 3.1
7.5
EPSS
6.9%
CVE-2019-16779 Ruby MEDIUM PATCH This Month

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Excon Backports Sle Leap Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.4%
CVE-2019-13764 HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Memory Corruption Chrome Debian Linux +6
NVD
CVSS 3.1
8.8
EPSS
6.4%
CVE-2019-13745 MEDIUM POC This Month

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Package Hub +5
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-13734 HIGH PATCH This Week

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Memory Corruption Chrome Fedora +13
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-5164 HIGH POC This Week

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation RCE Shadowsocks Libev Backports Sle +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-14856 PyPI MEDIUM PATCH This Month

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ansible Backports Sle Leap Openstack
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-13719 MEDIUM This Month

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13718 MEDIUM This Month

Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-13717 MEDIUM This Month

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-13716 MEDIUM This Month

Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-13715 MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-13714 MEDIUM This Month

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Google RCE Chrome Backports Sle
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-13710 MEDIUM This Month

Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-13709 MEDIUM This Month

Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Sle
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-13708 MEDIUM This Month

Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-13706 HIGH This Week

Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports Sle
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-13704 MEDIUM This Month

Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-13703 MEDIUM This Month

Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-13702 HIGH This Week

Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Google Chrome Backports Sle
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-13701 MEDIUM This Month

Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Backports Sle
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-13700 HIGH This Week

Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Backports Sle
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13699 HIGH This Week

Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-18622 PHP CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin Backports Sle Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-10206 PyPI MEDIUM PATCH This Month

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Debian Linux Backports Sle Leap
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-17545 PyPI CRITICAL PATCH Act Now

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gdal Spatial And Graph Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-17455 CRITICAL POC Act Now

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libntlm Debian Linux Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-14846 PyPI HIGH PATCH This Week

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux Backports Sle Leap +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-11779 MEDIUM This Month

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Mosquitto Ubuntu Linux Backports Sle Leap +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-16159 HIGH PATCH This Week

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Bird Backports Sle Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-14744 HIGH POC PATCH This Week

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Kconfig Debian Linux Fedora +5
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2019-5060 HIGH POC This Week

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sdl2 Image Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-5059 HIGH This Week

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Sdl2 Image Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5058 HIGH This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5057 HIGH This Week

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5459 HIGH POC This Week

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Vlc Media Player Backports Sle Backports +1
NVD
CVSS 3.1
7.1
EPSS
2.8%
CVE-2019-14274 MEDIUM POC This Month

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mcpp Backports Sle Leap
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-13962 CRITICAL POC Act Now

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player Backports Sle Leap +2
NVD
CVSS 3.1
9.8
EPSS
3.6%
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn +3
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn +3
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn +3
NVD GitHub
EPSS 12% CVSS 8.8
HIGH This Week

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +7
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Proftpd +4
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Weechat +4
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Insufficient policy enforcement in CORS in Google Chrome prior to 80.0.3987.87 allowed a local attacker to obtain potentially sensitive information via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple +8
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 5.4
MEDIUM POC This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Chrome +7
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome +7
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome +7
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +7
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Integer Overflow +8
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud SSRF Nextcloud Server +2
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Storebackup Debian Linux +3
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti +6
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +8
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Otrs Debian Linux +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in GNU LibreDWG before 0.93. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libredwg Backports Sle +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle +1
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Sqlite Sinec Infrastructure Network Services +9
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite +10
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite +10
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Lout +3
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lout Backports Sle +2
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite +10
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Excon Backports Sle +2
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Memory Corruption +8
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Memory Corruption +15
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation RCE +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ansible Backports Sle +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Google RCE +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Google +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Google +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Use After Free +3
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin Backports Sle +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Debian Linux +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gdal Spatial And Graph +4
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libntlm +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Ansible Engine Debian Linux +3
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM This Month

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Mosquitto Ubuntu Linux +4
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Bird +3
NVD
EPSS 4% CVSS 7.8
HIGH POC PATCH This Week

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Kconfig +7
NVD
EPSS 4% CVSS 8.8
HIGH POC This Week

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sdl2 Image +2
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Sdl2 Image +2
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +3
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +3
NVD
EPSS 3% CVSS 7.1
HIGH POC This Week

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Vlc Media Player +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mcpp +2
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Vlc Media Player +4
NVD
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy