Skip to main content

Enterprise Linux Server Eus

446 CVEs product

Monthly

CVE-2018-16541 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16540 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Openshift Container Platform +9
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-16539 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16511 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ghostscript Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-16509 HIGH POC THREAT Act Now

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Linux Ghostscript Ubuntu Linux Enterprise Linux Desktop +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
92.5%
CVE-2018-14622 HIGH This Week

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtirpc Ubuntu Linux Debian Linux Enterprise Linux +4
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2018-15911 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15910 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15909 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15908 HIGH This Week

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-10873 HIGH PATCH This Week

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Spice Debian Linux Ubuntu Linux Virtualization +7
NVD
CVSS 3.0
8.8
EPSS
3.9%
CVE-2018-10915 HIGH PATCH This Week

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Openstack Virtualization Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2018-5390 HIGH PATCH This Week

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Virtualization Enterprise Linux Desktop Enterprise Linux Server +35
NVD
CVSS 3.1
7.5
EPSS
73.5%
CVE-2018-14362 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14357 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2018-14354 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2018-3693 MEDIUM PATCH This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer. Rated medium severity (CVSS 5.6).

Buffer Overflow Atom C Atom E Atom X3 Atom Z +221
NVD
CVSS 3.1
5.6
EPSS
8.4%
CVE-2018-10850 MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server Debian Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-5185 MEDIUM This Month

Plaintext of decrypted emails can leak through by user submitting an embedded form. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-5184 HIGH This Week

Using remote content in encrypted messages can lead to the disclosure of plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux Thunderbird Thunderbird Esr +8
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5183 CRITICAL Act Now

Mozilla developers backported selected changes in the Skia library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-5178 HIGH This Week

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Buffer Overflow Debian Linux Firefox Thunderbird +8
NVD
CVSS 3.0
8.1
EPSS
5.1%
CVE-2018-5170 MEDIUM This Month

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
4.3
EPSS
1.8%
CVE-2018-5168 MEDIUM This Month

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Debian Linux Firefox Thunderbird +8
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-5162 HIGH This Week

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5161 MEDIUM This Month

Crafted message headers can cause a Thunderbird process to hang on receiving the message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
4.3
EPSS
2.1%
CVE-2018-5159 CRITICAL POC THREAT Act Now

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux Desktop +9
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.3%
CVE-2018-5158 npm HIGH PATCH This Week

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection RCE Debian Linux Enterprise Linux Desktop +7
NVD
CVSS 3.0
8.8
EPSS
10.6%
CVE-2018-5157 HIGH This Week

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-5155 CRITICAL Act Now

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +10
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-5154 CRITICAL Act Now

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +10
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-5150 CRITICAL Act Now

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-5148 CRITICAL Act Now

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5146 HIGH This Week

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +8
NVD
CVSS 3.0
8.8
EPSS
12.1%
CVE-2018-5145 CRITICAL Act Now

Memory safety bugs were reported in Firefox ESR 52.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Enterprise Linux Desktop +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5144 HIGH This Week

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.0
7.3
EPSS
3.3%
CVE-2018-5131 MEDIUM This Month

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Debian Linux Firefox Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.9
EPSS
2.3%
CVE-2018-5130 HIGH This Week

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Debian Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-5129 HIGH This Week

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Debian Linux Firefox +7
NVD
CVSS 3.0
8.6
EPSS
3.0%
CVE-2018-5127 HIGH This Week

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
8.8
EPSS
8.0%
CVE-2018-5117 MEDIUM PATCH This Month

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Debian Linux Enterprise Linux Enterprise Linux Desktop +7
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-5104 CRITICAL Act Now

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-5103 CRITICAL Act Now

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5102 CRITICAL Act Now

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2018-5099 CRITICAL Act Now

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5098 CRITICAL Act Now

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5097 CRITICAL Act Now

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-5096 CRITICAL Act Now

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5095 CRITICAL Act Now

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux +8
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-5091 CRITICAL Act Now

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12020 HIGH PATCH This Week

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Eus +5
NVD GitHub
CVSS 3.1
7.5
EPSS
8.7%
CVE-2018-11235 HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux Ubuntu Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
49.2%
CVE-2018-1000199 MEDIUM PATCH This Month

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux RCE Buffer Overflow Debian Linux Linux Kernel +8
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-1087 HIGH This Week

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel Ubuntu Linux Debian Linux +8
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-10675 HIGH PATCH This Week

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +8
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-1106 MEDIUM This Month

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Packagekit Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +5
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-2815 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +11
NVD
CVSS 3.1
5.3
EPSS
4.8%
CVE-2018-2814 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +10
NVD
CVSS 3.1
8.3
EPSS
3.7%
CVE-2018-2813 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL Debian Linux Ubuntu Linux +13
NVD
CVSS 3.1
4.3
EPSS
2.6%
CVE-2018-2800 MEDIUM PATCH This Month

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +12
NVD
CVSS 3.0
4.2
EPSS
5.4%
CVE-2018-2799 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +13
NVD
CVSS 3.1
5.3
EPSS
15.1%
CVE-2018-2798 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.3
EPSS
7.8%
CVE-2018-2797 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.3
EPSS
7.8%
CVE-2018-2796 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.3
EPSS
6.9%
CVE-2018-2795 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.3
EPSS
7.8%
CVE-2018-2794 HIGH PATCH This Week

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Java Oracle Information Disclosure Jdk Jre +12
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2018-2790 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +11
NVD
CVSS 3.1
3.1
EPSS
5.1%
CVE-2018-10194 HIGH This Week

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ghostscript Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-1086 HIGH This Week

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pacemaker Command Line Interface Debian Linux Enterprise Linux Server Eus
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-1000156 HIGH This Week

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Patch Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
5.6%
CVE-2018-7566 HIGH PATCH This Week

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Buffer Overflow Linux Kernel Linux Enterprise Module For Public Cloud Linux Enterprise Server +9
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1000140 CRITICAL POC PATCH Act Now

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Buffer Overflow Librelp Debian Linux +7
NVD GitHub
CVSS 3.0
9.8
EPSS
9.7%
CVE-2018-1068 MEDIUM PATCH This Month

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2018-7750 PyPI CRITICAL POC PATCH THREAT Act Now

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Paramiko Ansible Engine Cloudforms Virtualization +7
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
27.1%
CVE-2018-7858 MEDIUM PATCH This Month

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Qemu Leap +7
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2018-7550 HIGH PATCH This Week

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Buffer Overflow Qemu Debian Linux +7
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2018-7225 CRITICAL POC Act Now

An issue was discovered in LibVNCServer through 0.9.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Libvncserver Debian Linux Ubuntu Linux +6
NVD GitHub
CVSS 3.0
9.8
EPSS
6.2%
CVE-2018-5379 CRITICAL Act Now

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Quagga Debian Linux Ubuntu Linux +6
NVD
CVSS 3.0
9.8
EPSS
39.0%
CVE-2018-1049 MEDIUM PATCH This Month

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Systemd Enterprise Linux Enterprise Linux Aus +8
NVD
CVSS 3.1
5.9
EPSS
7.3%
CVE-2018-6927 HIGH PATCH This Week

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel Ubuntu Linux +8
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-6871 CRITICAL POC PATCH THREAT Act Now

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Libreoffice Debian Linux Ubuntu Linux +6
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
23.2%
CVE-2018-6574 Go HIGH POC PATCH This Week

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Go Debian Linux Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
7.8
EPSS
7.8%
CVE-2018-6560 HIGH PATCH This Week

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Flatpak Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +3
NVD GitHub
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-1000001 HIGH POC THREAT Act Now

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Glibc Ubuntu Linux +7
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
13.4%
CVE-2018-5750 MEDIUM PATCH This Month

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-5748 HIGH PATCH This Week

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libvirt Debian Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-1000007 CRITICAL PATCH Act Now

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Debian Linux Ubuntu Linux Enterprise Linux Desktop +10
NVD
CVSS 3.1
9.8
EPSS
8.0%
CVE-2018-5683 MEDIUM POC PATCH This Month

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Qemu Debian Linux +7
NVD
CVSS 3.1
6.0
EPSS
0.7%
CVE-2018-5950 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mailman Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
6.1
EPSS
4.6%
CVE-2018-2678 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service Jdk Jre +14
NVD
CVSS 3.1
4.3
EPSS
4.7%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +9
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +11
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Ubuntu Linux +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ghostscript +7
NVD
EPSS 92% CVSS 7.8
HIGH POC THREAT Act Now

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Linux Ghostscript +6
NVD Exploit-DB
EPSS 4% CVSS 7.5
HIGH This Week

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtirpc Ubuntu Linux +6
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux +9
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +7
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +9
NVD
EPSS 2% CVSS 7.8
HIGH This Week

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Debian Linux +6
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Spice Debian Linux +9
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Openstack +7
NVD
EPSS 74% CVSS 7.5
HIGH PATCH This Week

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Virtualization +37
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt +8
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt +8
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt +8
NVD GitHub
EPSS 8% CVSS 5.6
MEDIUM PATCH This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer. Rated medium severity (CVSS 5.6).

Buffer Overflow Atom C Atom E +223
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server +8
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Plaintext of decrypted emails can leak through by user submitting an embedded form. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +9
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Using remote content in encrypted messages can lead to the disclosure of plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Mozilla developers backported selected changes in the Skia library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop +10
NVD
EPSS 5% CVSS 8.1
HIGH This Week

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Buffer Overflow Debian Linux +10
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +9
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Debian Linux +10
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +9
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Crafted message headers can cause a Thunderbird process to hang on receiving the message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +9
NVD
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Mozilla Denial Of Service +11
NVD Exploit-DB
EPSS 11% CVSS 8.8
HIGH PATCH This Week

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection RCE +9
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +8
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +8
NVD
EPSS 12% CVSS 8.8
HIGH This Week

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory safety bugs were reported in Firefox ESR 52.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +10
NVD
EPSS 3% CVSS 7.3
HIGH This Week

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow +9
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Debian Linux +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Debian Linux +7
NVD
EPSS 3% CVSS 8.6
HIGH This Week

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow +9
NVD
EPSS 8% CVSS 8.8
HIGH This Week

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop +8
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Debian Linux +9
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 9% CVSS 7.5
HIGH PATCH This Week

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Server +7
NVD GitHub
EPSS 49% CVSS 7.8
HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux +7
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux RCE Buffer Overflow +10
NVD
EPSS 1% CVSS 7.8
HIGH This Week

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +10
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Packagekit Enterprise Linux Desktop +7
NVD
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +13
NVD
EPSS 4% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +12
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL +15
NVD
EPSS 5% CVSS 4.2
MEDIUM PATCH This Month

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +14
NVD
EPSS 15% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +15
NVD
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +14
NVD
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +14
NVD
EPSS 7% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +14
NVD
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +14
NVD
EPSS 1% CVSS 7.7
HIGH PATCH This Week

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 7.7), this vulnerability is no authentication required.

Java Oracle Information Disclosure +14
NVD
EPSS 5% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +13
NVD
EPSS 2% CVSS 7.8
HIGH This Week

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ghostscript +8
NVD
EPSS 2% CVSS 7.5
HIGH This Week

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pacemaker Command Line Interface Debian Linux +1
NVD
EPSS 6% CVSS 7.8
HIGH This Week

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Patch Ubuntu Linux +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Buffer Overflow Linux Kernel +11
NVD
EPSS 10% CVSS 9.8
CRITICAL POC PATCH Act Now

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Buffer Overflow +9
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel +9
NVD GitHub
EPSS 27% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Paramiko Ansible Engine +9
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +9
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure RCE Buffer Overflow +9
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in LibVNCServer through 0.9.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Libvncserver +8
NVD GitHub
EPSS 39% CVSS 9.8
CRITICAL Act Now

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Quagga +8
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Systemd +10
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux +10
NVD GitHub
EPSS 23% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Libreoffice +8
NVD GitHub Exploit-DB
EPSS 8% CVSS 7.8
HIGH POC PATCH This Week

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Go +5
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Flatpak Enterprise Linux Desktop +5
NVD GitHub
EPSS 13% CVSS 7.8
HIGH POC THREAT Act Now

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +9
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +9
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libvirt Debian Linux +6
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Debian Linux +12
NVD
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow +9
NVD
EPSS 5% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mailman Debian Linux +7
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Denial Of Service +16
NVD
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy