Skip to main content

Enterprise Linux For Scientific Computing

52 CVEs product

Monthly

CVE-2023-5455 MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux For Arm 64 Eus +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5869 HIGH This Week

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow RCE PostgreSQL Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus +18
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2023-3972 HIGH PATCH This Week

A vulnerability was found in insights-client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Insights Client Enterprise Linux Enterprise Linux Aus +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5367 HIGH PATCH This Week

A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption X Server Xwayland +10
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-3899 HIGH This Week

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Authentication Bypass Subscription Manager Fedora +18
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0494 HIGH PATCH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption X Server Fedora +16
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-0330 HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +35
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2019-13763 MEDIUM This Month

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13762 LOW Monitor

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Debian Linux +5
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-13761 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-13759 MEDIUM POC This Month

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-13758 MEDIUM This Month

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13757 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13756 MEDIUM This Month

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-13755 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2019-13754 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2019-13753 MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Debian Linux +6
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-13752 MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Chrome Debian Linux +6
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2019-13751 MEDIUM This Month

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-13750 MEDIUM This Month

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +5
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-13749 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Debian Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-13748 MEDIUM PATCH This Month

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2019-13747 HIGH This Week

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Debian Linux +5
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-13746 MEDIUM This Month

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-13744 MEDIUM This Month

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-13743 MEDIUM This Month

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-13742 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Debian Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-13741 HIGH This Week

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2019-13740 MEDIUM This Month

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-13739 MEDIUM PATCH This Month

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-13738 MEDIUM This Month

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-13737 MEDIUM This Month

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-13736 HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow Chrome Debian Linux +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-13735 HIGH This Week

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-13732 HIGH This Week

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-13730 HIGH PATCH This Week

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Memory Corruption Chrome Debian Linux +7
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-13729 HIGH POC This Week

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Information Disclosure Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-13728 HIGH This Week

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption Chrome Debian Linux +5
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-13727 HIGH This Week

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Debian Linux Fedora +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-13726 HIGH This Week

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Chrome Debian Linux +5
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2019-13725 HIGH This Week

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free RCE Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-6470 HIGH POC This Week

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dhcpd Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus +15
NVD
CVSS 3.1
7.5
EPSS
8.8%
CVE-2019-11043 CRITICAL POC KEV THREAT Emergency

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow RCE Ubuntu Linux Debian Linux +20
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.5%
CVE-2019-7317 MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Libpng Debian Linux +30
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2015-3405 HIGH PATCH Act Now

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.6%.

Information Disclosure Ntp Debian Linux Suse Linux Enterprise Server Suse Linux Enterprise Desktop +8
NVD
CVSS 3.0
7.5
EPSS
16.6%
CVE-2016-9675 HIGH PATCH This Week

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Openjpeg Enterprise Linux +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2016-5009 MEDIUM This Month

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ceph Storage Mon Ceph Storage Osd Enterprise Linux Desktop Enterprise Linux For Scientific Computing +3
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-2818 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +20
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2015-3214 MEDIUM POC PATCH This Month

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute. Rated medium severity (CVSS 6.9). Public exploit code available.

RCE Linux Buffer Overflow Qemu Linux Kernel +17
NVD GitHub Exploit-DB
CVSS 2.0
6.9
EPSS
1.6%
CVE-2015-5165 CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora Linux Enterprise Debuginfo Linux Enterprise Server +20
NVD
CVSS 2.0
9.3
EPSS
13.2%
CVE-2012-1717 LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Java Oracle Information Disclosure Jre Jdk +15
NVD
CVSS 2.0
2.1
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian +19
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow RCE PostgreSQL +20
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in insights-client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation RCE Insights Client +18
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A out-of-bounds write flaw was found in the xorg-x11-server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Memory Corruption +12
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Authentication Bypass +20
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +18
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +37
NVD
EPSS 100% CVSS 9.0
CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux +37
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure +7
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in navigation in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +8
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +8
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +7
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure +7
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google Chrome +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Uninitialized data in rendering in Google Chrome on Android prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient validation of untrusted input in Blink in Google Chrome prior to 79.0.3945.79 allowed a local attacker to bypass same origin policy via crafted clipboard content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Chrome +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in navigation in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use-after-free in WebAudio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Information Disclosure +8
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Memory Corruption +9
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use-after-free in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Information Disclosure +8
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Memory Corruption +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free RCE +8
NVD
EPSS 9% CVSS 7.5
HIGH POC This Week

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dhcpd Enterprise Linux +17
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow RCE +22
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +32
NVD GitHub VulDB
EPSS 17% CVSS 7.5
HIGH PATCH Act Now

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.6%.

Information Disclosure Ntp Debian Linux +10
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE +5
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ceph Storage Mon Ceph Storage Osd +5
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +22
NVD
EPSS 2% CVSS 6.9
MEDIUM POC PATCH This Month

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute. Rated medium severity (CVSS 6.9). Public exploit code available.

RCE Linux Buffer Overflow +19
NVD GitHub Exploit-DB
EPSS 13% CVSS 9.3
CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora +22
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Java Oracle Information Disclosure +17
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy