Skip to main content

Enterprise Linux Server Eus

446 CVEs product

Monthly

CVE-2021-20233 HIGH PATCH This Week

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Grub2 Enterprise Linux Enterprise Linux Server Aus +5
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2021-20225 MEDIUM This Month

A flaw was found in grub2 in versions prior to 2.06. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Grub2 Enterprise Linux Enterprise Linux Server Aus +5
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2019-5544 CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware Memory Corruption Horizon Daas ESXi +14
NVD
CVSS 3.1
9.8
EPSS
96.8%
CVE-2019-10216 HIGH PATCH This Week

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ghostscript 3Scale Api Management Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-0155 HIGH This Week

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Intel Enterprise Linux Server Aus Enterprise Linux Server Eus +352
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-14813 CRITICAL PATCH Act Now

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Openshift Container Platform Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
9.8
EPSS
11.4%
CVE-2019-1125 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Amd Intel Windows 10 +14
NVD Exploit-DB
CVSS 3.1
5.6
EPSS
4.5%
CVE-2019-10171 HIGH This Week

It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat 389 Directory Server Enterprise Linux Server Eus
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-10168 HIGH This Week

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10167 HIGH This Week

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10166 HIGH This Week

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Libvirt Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10182 MEDIUM PATCH This Month

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Icedtea Web Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +2
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2019-3878 HIGH POC PATCH This Week

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Apache Mod Auth Mellon Fedora Enterprise Linux +7
NVD GitHub
CVSS 3.0
8.1
EPSS
3.0%
CVE-2019-3857 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Debian Linux Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2019-3856 HIGH PATCH This Week

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Debian Linux Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2019-3838 MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-3835 MEDIUM This Month

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-3863 HIGH PATCH This Week

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Libssh2 Debian Linux Ontap Select Deploy Administration Utility +7
NVD
CVSS 3.0
8.8
EPSS
3.4%
CVE-2019-9948 CRITICAL POC PATCH THREAT Act Now

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Leap Debian Linux Fedora +7
NVD GitHub
CVSS 3.1
9.1
EPSS
11.8%
CVE-2019-3855 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Fedora Debian Linux +11
NVD
CVSS 3.1
8.8
EPSS
9.2%
CVE-2019-7221 HIGH POC PATCH This Week

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +14
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-6454 MEDIUM POC PATCH This Month

An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Systemd Leap +20
NVD GitHub
CVSS 3.1
5.5
EPSS
2.0%
CVE-2019-6116 HIGH POC PATCH THREAT This Week

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Ghostscript Fedora Ubuntu Linux Debian Linux +7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
43.9%
CVE-2019-3816 HIGH This Week

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Openwsman Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus +7
NVD
CVSS 3.1
7.5
EPSS
14.7%
CVE-2019-9636 CRITICAL PATCH Act Now

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Leap Debian Linux +12
NVD GitHub
CVSS 3.1
9.8
EPSS
9.1%
CVE-2019-6974 HIGH POC PATCH THREAT This Week

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Debian Linux +22
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
16.5%
CVE-2019-8308 HIGH This Week

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Flatpak Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
8.2
EPSS
0.5%
CVE-2019-3813 HIGH This Week

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Spice Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-3815 LOW Monitor

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Red Hat Openshift Container Platform Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-2422 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +16
NVD
CVSS 3.1
3.1
EPSS
3.4%
CVE-2019-6133 MEDIUM PATCH This Month

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. Rated medium severity (CVSS 6.7).

Authentication Bypass Race Condition Polkit Debian Linux Enterprise Linux Desktop +6
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-19134 HIGH POC This Week

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ghostscript Debian Linux Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-15127 CRITICAL Act Now

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Libvncserver Ubuntu Linux +7
NVD
CVSS 3.0
9.8
EPSS
15.1%
CVE-2018-18397 MEDIUM POC PATCH This Month

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Openshift Container Platform Virtualization Host +7
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-18356 HIGH This Week

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Chrome Debian Linux +8
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-9568 HIGH PATCH This Week

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Buffer Overflow Android Ubuntu Linux +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2018-16863 HIGH PATCH This Week

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Red Hat Authentication Bypass Ghostscript Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8786 CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2018-14646 MEDIUM PATCH This Month

The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-19477 HIGH POC PATCH This Week

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-19476 HIGH POC PATCH This Week

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-19475 HIGH POC PATCH This Week

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Openshift Container Platform +6
NVD
CVSS 3.0
7.8
EPSS
9.5%
CVE-2018-19409 CRITICAL Act Now

An issue was discovered in Artifex Ghostscript before 9.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2018-5407 MEDIUM POC PATCH This Month

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Ubuntu Linux Debian Linux Node Js OpenSSL +16
NVD GitHub Exploit-DB
CVSS 3.1
4.7
EPSS
3.4%
CVE-2018-17466 HIGH This Week

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Enterprise Linux Desktop +7
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-19115 CRITICAL PATCH Act Now

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Keepalived Debian Linux Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-15688 HIGH PATCH This Week

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Systemd Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2018-14665 MEDIUM POC PATCH THREAT This Month

A flaw was found in xorg-x11-server before 1.20.3. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass RCE X Server Enterprise Linux Desktop Enterprise Linux Server +6
NVD Exploit-DB
CVSS 3.0
6.6
EPSS
27.0%
CVE-2018-18559 HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel Openshift Container Platform +7
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2018-18284 HIGH POC PATCH THREAT This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Gpl Ghostscript +7
NVD
CVSS 3.0
8.6
EPSS
16.3%
CVE-2018-5188 CRITICAL Act Now

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Ubuntu Linux +9
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2018-5156 CRITICAL Act Now

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-12387 CRITICAL POC Act Now

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
9.1
EPSS
9.6%
CVE-2018-12386 HIGH POC THREAT This Week

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
8.1
EPSS
13.4%
CVE-2018-12385 HIGH This Week

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. Rated high severity (CVSS 7.0). No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-12383 MEDIUM POC This Month

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-12379 HIGH This Week

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-12378 CRITICAL Act Now

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12377 CRITICAL Act Now

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12376 CRITICAL Act Now

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-12366 MEDIUM This Month

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-12365 MEDIUM This Month

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-12364 HIGH This Week

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Adobe Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-12363 HIGH This Week

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-12362 HIGH This Week

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Enterprise Linux Desktop Enterprise Linux Server +9
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-12360 HIGH This Week

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-12359 HIGH This Week

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
8.8
EPSS
4.6%
CVE-2018-18445 HIGH PATCH This Week

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Linux Kernel Ubuntu Linux +6
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-3214 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.3
EPSS
7.0%
CVE-2018-3183 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
9.0
EPSS
2.8%
CVE-2018-3180 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.6
EPSS
3.4%
CVE-2018-3169 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +11
NVD
CVSS 3.1
8.3
EPSS
4.0%
CVE-2018-3149 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
8.3
EPSS
7.2%
CVE-2018-3139 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +11
NVD
CVSS 3.1
3.1
EPSS
5.2%
CVE-2018-3136 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +11
NVD
CVSS 3.1
3.4
EPSS
3.6%
CVE-2018-18073 MEDIUM PATCH This Month

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
6.3
EPSS
2.7%
CVE-2018-17961 HIGH POC PATCH This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
10.0%
CVE-2018-1000805 PyPI HIGH PATCH This Week

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Paramiko Ansible Tower Virtualization Host Enterprise Linux Desktop +7
NVD GitHub
CVSS 3.1
8.8
EPSS
4.4%
CVE-2018-17456 CRITICAL POC PATCH THREAT Act Now

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git Ansible Tower Enterprise Linux Enterprise Linux Desktop +7
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
97.4%
CVE-2018-11784 Maven MEDIUM POC PATCH THREAT This Month

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Tomcat Open Redirect Debian Linux Ubuntu Linux +12
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
94.5%
CVE-2018-17972 MEDIUM PATCH This Month

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux Linux Kernel Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-14650 MEDIUM POC PATCH This Month

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sos Collector Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +2
NVD GitHub
CVSS 3.0
5.0
EPSS
0.4%
CVE-2018-14634 HIGH POC KEV PATCH THREAT This Week

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow Pan Os Big Ip Access Policy Manager +26
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
14.8%
CVE-2018-17183 HIGH This Week

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-11781 HIGH This Week

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Apache Spamassassin Ubuntu Linux +5
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-14638 HIGH This Week

A flaw was found in 389-ds-base before version 1.3.8.4-13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Aus Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-16802 HIGH This Week

An issue was discovered in Artifex Ghostscript before 9.25. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2018-5391 HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Enterprise Linux Desktop Enterprise Linux Server +48
NVD
CVSS 3.1
7.5
EPSS
24.6%
CVE-2018-14624 HIGH POC This Week

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +4
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-16542 MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.9%
EPSS 1% CVSS 8.2
HIGH PATCH This Week

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Grub2 +7
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A flaw was found in grub2 in versions prior to 2.06. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Grub2 +7
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow VMware Memory Corruption +16
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ghostscript 3Scale Api Management +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Intel +354
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Openshift Container Platform +10
NVD
EPSS 5% CVSS 5.6
MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Amd +16
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Red Hat 389 Directory Server +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an "emulatorbin" argument to specify the program providing emulation for a domain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Libvirt Enterprise Linux +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Libvirt Enterprise Linux +7
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Icedtea Web Enterprise Linux Desktop +4
NVD GitHub
EPSS 3% CVSS 8.1
HIGH POC PATCH This Week

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Apache Mod Auth Mellon +9
NVD GitHub
EPSS 6% CVSS 8.8
HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 +12
NVD
EPSS 6% CVSS 8.8
HIGH PATCH This Week

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 +12
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower +10
NVD
EPSS 3% CVSS 5.5
MEDIUM This Month

It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Ansible Tower +9
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Libssh2 +9
NVD
EPSS 12% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Leap +9
NVD GitHub
EPSS 9% CVSS 8.8
HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 +13
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +16
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption +22
NVD GitHub
EPSS 44% CVSS 7.8
HIGH POC PATCH THREAT This Week

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Ghostscript Fedora +9
NVD Exploit-DB
EPSS 15% CVSS 7.5
HIGH This Week

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Openwsman Enterprise Linux +9
NVD
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora +14
NVD GitHub
EPSS 17% CVSS 8.1
HIGH POC PATCH THREAT This Week

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Linux Information Disclosure +24
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.2
HIGH This Week

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Flatpak Debian Linux +6
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Buffer Overflow Spice +8
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Red Hat Openshift Container Platform +6
NVD
EPSS 3% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +18
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. Rated medium severity (CVSS 6.7).

Authentication Bypass Race Condition Polkit +8
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ghostscript Debian Linux +5
NVD
EPSS 15% CVSS 9.8
CRITICAL Act Now

LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +9
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel +9
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google +10
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Buffer Overflow +9
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Red Hat Authentication Bypass Ghostscript +6
NVD
EPSS 8% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Freerdp +9
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux +7
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 10% CVSS 7.8
HIGH POC PATCH This Week

psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +8
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Artifex Ghostscript before 9.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux +6
NVD
EPSS 3% CVSS 4.7
MEDIUM POC PATCH This Month

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Ubuntu Linux Debian Linux +18
NVD GitHub Exploit-DB
EPSS 3% CVSS 8.8
HIGH This Week

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow +9
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Keepalived +6
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Systemd Debian Linux +7
NVD GitHub
EPSS 27% CVSS 6.6
MEDIUM POC PATCH THREAT This Month

A flaw was found in xorg-x11-server before 1.20.3. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass RCE X Server +8
NVD Exploit-DB
EPSS 3% CVSS 8.1
HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux +9
NVD
EPSS 16% CVSS 8.6
HIGH POC PATCH THREAT This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Ghostscript Debian Linux +9
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +11
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop +9
NVD
EPSS 10% CVSS 9.1
CRITICAL POC Act Now

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +8
NVD
EPSS 13% CVSS 8.1
HIGH POC THREAT This Week

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla RCE Enterprise Linux Desktop +8
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. Rated high severity (CVSS 7.0). No vendor patch available.

Mozilla Denial Of Service Enterprise Linux Desktop +10
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow +9
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +10
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Buffer Overflow +11
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Adobe +11
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service +11
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 5% CVSS 8.8
HIGH This Week

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop +10
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux +8
NVD GitHub
EPSS 7% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +14
NVD
EPSS 3% CVSS 9.0
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +14
NVD
EPSS 3% CVSS 5.6
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service +14
NVD
EPSS 4% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +13
NVD
EPSS 7% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +14
NVD
EPSS 5% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +13
NVD
EPSS 4% CVSS 3.4
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +13
NVD
EPSS 3% CVSS 6.3
MEDIUM PATCH This Month

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Debian Linux +7
NVD
EPSS 10% CVSS 8.6
HIGH POC PATCH This Week

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ghostscript Debian Linux +7
NVD Exploit-DB
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Paramiko Ansible Tower +9
NVD GitHub
EPSS 97% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git Ansible Tower +9
NVD GitHub Exploit-DB
EPSS 94% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Tomcat Open Redirect +14
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux +9
NVD
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sos Collector Enterprise Linux Desktop +4
NVD GitHub
EPSS 15% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow +28
NVD Exploit-DB
EPSS 2% CVSS 7.8
HIGH This Week

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Ghostscript Ubuntu Linux +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Apache +7
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A flaw was found in 389-ds-base before version 1.3.8.4-13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Aus +5
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An issue was discovered in Artifex Ghostscript before 9.25. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux +7
NVD
EPSS 25% CVSS 7.5
HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel +50
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Desktop +6
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript +7
NVD
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy