Skip to main content

Enterprise Linux Workstation

1411 CVEs product

Monthly

CVE-2015-4858 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Linux Solaris Leap +12
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-4836 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Linux Solaris Leap +12
NVD
CVSS 2.0
2.8
EPSS
0.9%
CVE-2015-4830 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security :. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +14
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-4826 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Leap Opensuse +11
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-4819 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL Linux Solaris +11
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-4816 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Linux Solaris +10
NVD
CVSS 2.0
4.0
EPSS
4.0%
CVE-2015-4815 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Linux Solaris +12
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-4802 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Leap Opensuse Linux +12
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-4792 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition,. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable.

Information Disclosure Oracle Leap Opensuse Enterprise Linux Desktop +12
NVD
CVSS 2.0
1.7
EPSS
0.9%
CVE-2015-5235 MEDIUM PATCH This Month

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Authentication Bypass Fedora Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +3
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-5234 MEDIUM PATCH This Month

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-9751 MEDIUM PATCH This Month

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Ntp Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 2.0
6.8
EPSS
4.8%
CVE-2014-9750 MEDIUM PATCH This Month

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Ntp Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 2.0
5.8
EPSS
4.4%
CVE-2015-3247 MEDIUM This Month

Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service RCE Buffer Overflow Spice Enterprise Linux +4
NVD
CVSS 2.0
6.9
EPSS
0.8%
CVE-2015-5157 HIGH This Week

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +3
NVD GitHub
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-3214 MEDIUM POC PATCH This Month

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute. Rated medium severity (CVSS 6.9). Public exploit code available.

RCE Linux Buffer Overflow Qemu Linux Kernel +17
NVD GitHub Exploit-DB
CVSS 2.0
6.9
EPSS
1.6%
CVE-2015-5165 CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora Linux Enterprise Debuginfo Linux Enterprise Server +20
NVD
CVSS 2.0
9.3
EPSS
13.2%
CVE-2015-4757 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux MySQL Debian Linux +8
NVD
CVSS 2.0
3.5
EPSS
4.3%
CVE-2015-4752 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Solaris Debian Linux +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-2648 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Solaris Ubuntu Linux +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-2643 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-2582 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Ubuntu Linux Debian Linux +8
NVD
CVSS 2.0
4.0
EPSS
0.8%
CVE-2015-3281 MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy Ubuntu Linux Openstack Cloud +8
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-4142 MEDIUM This Month

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 2.0
4.3
EPSS
7.1%
CVE-2015-3209 HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE Qemu Junos Space +16
NVD
CVSS 2.0
7.5
EPSS
20.6%
CVE-2015-4148 MEDIUM POC PATCH THREAT This Month

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

PHP Information Disclosure Mac Os X Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
16.9%
CVE-2015-4147 HIGH POC PATCH THREAT Act Now

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

RCE PHP Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +4
NVD
CVSS 2.0
7.5
EPSS
50.8%
Threat
4.5
CVE-2015-4026 HIGH POC PATCH This Week

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Authentication Bypass Enterprise Linux Mac Os X Enterprise Linux Desktop +5
NVD
CVSS 2.0
7.5
EPSS
9.6%
CVE-2015-4025 HIGH PATCH This Week

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Mac Os X Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 2.0
7.5
EPSS
6.1%
CVE-2015-4024 MEDIUM POC PATCH THREAT This Month

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Denial Of Service PHP Enterprise Linux Mac Os X System Management Homepage +8
NVD
CVSS 2.0
5.0
EPSS
75.5%
Threat
4.8
CVE-2015-4022 HIGH POC PATCH THREAT Act Now

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

RCE PHP Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
7.5
EPSS
20.6%
CVE-2015-4021 MEDIUM POC PATCH THREAT This Month

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.0%.

Denial Of Service PHP Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
5.0
EPSS
42.0%
CVE-2015-3330 MEDIUM POC PATCH THREAT This Month

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 39.0%.

RCE PHP Denial Of Service Apache Linux +9
NVD
CVSS 2.0
6.8
EPSS
39.0%
Threat
4.0
CVE-2015-3329 HIGH POC PATCH THREAT Act Now

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.8%.

RCE PHP Buffer Overflow Mac Os X Enterprise Linux Desktop +8
NVD
CVSS 2.0
7.5
EPSS
28.8%
CVE-2015-3307 HIGH POC PATCH THREAT Act Now

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Denial Of Service PHP Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
7.5
EPSS
18.4%
CVE-2015-2783 MEDIUM POC PATCH This Month

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service PHP Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node +6
NVD
CVSS 2.0
5.8
EPSS
9.7%
CVE-2015-1863 MEDIUM This Month

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Wpa Supplicant +8
NVD
CVSS 2.0
5.8
EPSS
8.5%
CVE-2015-1774 MEDIUM This Month

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow RCE Apache +8
NVD
CVSS 2.0
6.8
EPSS
9.7%
CVE-2015-1241 MEDIUM POC This Month

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Google Chrome Debian Linux Ubuntu Linux +8
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2015-2573 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris MySQL MariaDB +11
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-2571 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Debian Linux +11
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-2568 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security :. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Communications Policy Management MySQL +12
NVD
CVSS 2.0
5.0
EPSS
4.0%
CVE-2015-0505 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +11
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-0501 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Junos Space MySQL Debian Linux +11
NVD
CVSS 2.0
5.7
EPSS
1.7%
CVE-2015-0499 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Debian Linux +11
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-0441 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Debian Linux Ubuntu Linux +10
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-0433 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Communications Policy Management MySQL Solaris +12
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-0251 MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 2.0
4.0
EPSS
1.1%
CVE-2015-0248 MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse Xcode Enterprise Linux Desktop +5
NVD
CVSS 2.0
5.0
EPSS
15.8%
CVE-2015-2787 HIGH POC THREAT Act Now

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.4%.

Deserialization RCE PHP Mac Os X Enterprise Linux Desktop +6
NVD GitHub
CVSS 2.0
7.5
EPSS
36.4%
Threat
4.1
CVE-2015-2348 MEDIUM POC This Month

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +5
NVD
CVSS 2.0
5.0
EPSS
7.2%
CVE-2015-2301 HIGH POC THREAT Act Now

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Memory Corruption PHP Denial Of Service Use After Free Ubuntu Linux +9
NVD
CVSS 2.0
7.5
EPSS
11.2%
CVE-2014-8169 MEDIUM This Month

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-0239 MEDIUM POC PATCH This Month

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a. Rated medium severity (CVSS 4.4). Public exploit code available.

Denial Of Service Privilege Escalation Linux Linux Kernel Ubuntu Linux +4
NVD GitHub
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-8160 MEDIUM PATCH This Month

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Linux Authentication Bypass Linux Kernel Opensuse Linux Enterprise Desktop +12
NVD GitHub
CVSS 2.0
5.0
EPSS
2.9%
CVE-2014-9675 MEDIUM POC This Month

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Freetype Debian Linux Fedora +7
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-9674 HIGH POC PATCH This Week

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Ubuntu Linux Solaris Fedora +8
NVD
CVSS 2.0
7.5
EPSS
5.1%
CVE-2014-9673 MEDIUM POC This Month

Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Debian Linux Enterprise Linux Desktop +7
NVD
CVSS 2.0
6.8
EPSS
4.2%
CVE-2014-9671 MEDIUM POC PATCH This Month

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus Enterprise Linux Server +7
NVD
CVSS 2.0
4.3
EPSS
3.2%
CVE-2014-9670 MEDIUM POC PATCH This Month

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Debian Linux Opensuse Fedora Solaris +8
NVD
CVSS 2.0
4.3
EPSS
5.0%
CVE-2014-9669 MEDIUM POC PATCH This Month

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Ubuntu Linux Freetype +10
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2014-9667 MEDIUM POC This Month

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Ubuntu Linux Fedora +8
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-9666 MEDIUM POC PATCH This Month

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Opensuse Solaris Ubuntu Linux +9
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2014-9664 MEDIUM POC PATCH This Month

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +9
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2014-9663 HIGH POC PATCH This Week

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freetype Debian Linux Opensuse +9
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-9661 HIGH POC This Week

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +7
NVD
CVSS 2.0
7.5
EPSS
3.6%
CVE-2014-9660 HIGH POC PATCH This Week

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Opensuse Ubuntu Linux Debian Linux +9
NVD
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-9658 HIGH POC PATCH This Week

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Solaris Ubuntu Linux +10
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-9657 HIGH POC PATCH This Week

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Opensuse Enterprise Linux Desktop +10
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2015-1212 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Chrome Ubuntu Linux +6
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-1211 HIGH This Week

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Chrome Ubuntu Linux +6
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-1210 MEDIUM This Month

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Chrome Ubuntu Linux +6
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-1209 HIGH This Week

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Google Microsoft +8
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2015-0236 LOW PATCH Monitor

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mageia Libvirt Ubuntu Linux Enterprise Linux Desktop +3
NVD
CVSS 2.0
3.5
EPSS
0.7%
CVE-2015-0432 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Ubuntu Linux Debian Linux +11
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-0391 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Enterprise Linux Desktop Enterprise Linux Eus +9
NVD
CVSS 2.0
4.0
EPSS
3.1%
CVE-2015-0382 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management Solaris MySQL +14
NVD
CVSS 2.0
4.3
EPSS
15.2%
CVE-2015-0381 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris MySQL Ubuntu Linux +14
NVD
CVSS 2.0
4.3
EPSS
5.0%
CVE-2015-0374 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux Debian Linux Fedora +13
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6568 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Eus +13
NVD
CVSS 2.0
3.5
EPSS
2.9%
CVE-2014-9585 LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +16
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-9584 LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +15
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-9529 MEDIUM PATCH This Month

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly. Rated medium severity (CVSS 6.9).

Denial Of Service Race Condition Linux Buffer Overflow Linux Kernel +10
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-7300 HIGH PATCH This Week

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Linux Gnome Shell Enterprise Linux Desktop Enterprise Linux Hpc Node +2
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-8136 LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia Libvirt Ubuntu Linux +5
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8108 MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +3
NVD
CVSS 2.0
5.0
EPSS
5.0%
CVE-2014-3580 MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7%.

Denial Of Service Apache Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +5
NVD
CVSS 2.0
5.0
EPSS
13.7%
CVE-2014-5353 LOW PATCH Monitor

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Enterprise Linux Desktop Enterprise Linux Eus +9
NVD GitHub
CVSS 2.0
3.5
EPSS
0.7%
CVE-2014-8964 MEDIUM This Month

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Pcre MariaDB Fedora +8
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-7840 HIGH This Week

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Qemu Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server +3
NVD
CVSS 2.0
7.5
EPSS
2.5%
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Linux +14
NVD
EPSS 1% CVSS 2.8
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable.

Information Disclosure Oracle Linux +14
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security :. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +16
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +13
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL +13
NVD
EPSS 4% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +12
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +14
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition,. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Leap +14
NVD
EPSS 1% CVSS 1.7
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition,. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable.

Information Disclosure Oracle Leap +14
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Authentication Bypass Fedora Enterprise Linux Desktop +5
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Authentication Bypass Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
EPSS 5% CVSS 6.8
MEDIUM PATCH This Month

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Ntp Enterprise Linux Desktop +4
NVD
EPSS 4% CVSS 5.8
MEDIUM PATCH This Month

ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Ntp Enterprise Linux Desktop +4
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or. Rated medium severity (CVSS 6.9). No vendor patch available.

Denial Of Service RCE Buffer Overflow +6
NVD
EPSS 0% CVSS 7.2
HIGH This Week

arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Enterprise Linux Desktop +5
NVD GitHub
EPSS 2% CVSS 6.9
MEDIUM POC PATCH This Month

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute. Rated medium severity (CVSS 6.9). Public exploit code available.

RCE Linux Buffer Overflow +19
NVD GitHub Exploit-DB
EPSS 13% CVSS 9.3
CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora +22
NVD
EPSS 4% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +10
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +11
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +11
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +11
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +10
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy +10
NVD
EPSS 7% CVSS 4.3
MEDIUM This Month

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant +6
NVD
EPSS 21% CVSS 7.5
HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE +18
NVD
EPSS 17% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.9%.

PHP Information Disclosure Mac Os X +6
NVD Exploit-DB
EPSS 51% 4.5 CVSS 7.5
HIGH POC PATCH THREAT Act Now

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

RCE PHP Enterprise Linux Desktop +6
NVD
EPSS 10% CVSS 7.5
HIGH POC PATCH This Week

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Authentication Bypass Enterprise Linux +7
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Mac Os X +7
NVD
EPSS 76% 4.8 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.5%.

Denial Of Service PHP Enterprise Linux +10
NVD
EPSS 21% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.6%.

RCE PHP Buffer Overflow +8
NVD
EPSS 42% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.0%.

Denial Of Service PHP Buffer Overflow +8
NVD
EPSS 39% 4.0 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 39.0%.

RCE PHP Denial Of Service +11
NVD
EPSS 29% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.8%.

RCE PHP Buffer Overflow +10
NVD
EPSS 18% CVSS 7.5
HIGH POC PATCH THREAT Act Now

The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.4%.

Denial Of Service PHP Buffer Overflow +8
NVD
EPSS 10% CVSS 5.8
MEDIUM POC PATCH This Month

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service PHP Buffer Overflow +8
NVD
EPSS 9% CVSS 5.8
MEDIUM This Month

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +10
NVD
EPSS 10% CVSS 6.8
MEDIUM This Month

The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +10
NVD
EPSS 3% CVSS 4.3
MEDIUM POC This Month

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Google Chrome +10
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris +13
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +13
NVD
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security :. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +14
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop +13
NVD
EPSS 2% CVSS 5.7
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Junos Space +13
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL +13
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +12
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Communications Policy Management +14
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse +7
NVD
EPSS 16% CVSS 5.0
MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse +7
NVD
EPSS 36% 4.1 CVSS 7.5
HIGH POC THREAT Act Now

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.4%.

Deserialization RCE PHP +8
NVD GitHub
EPSS 7% CVSS 5.0
MEDIUM POC This Month

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Enterprise Linux Desktop +7
NVD
EPSS 11% CVSS 7.5
HIGH POC THREAT Act Now

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Memory Corruption PHP Denial Of Service +11
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a. Rated medium severity (CVSS 4.4). Public exploit code available.

Denial Of Service Privilege Escalation Linux +6
NVD GitHub
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Linux Authentication Bypass Linux Kernel +14
NVD GitHub
EPSS 2% CVSS 5.0
MEDIUM POC This Month

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Freetype +9
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Ubuntu Linux +10
NVD
EPSS 4% CVSS 6.8
MEDIUM POC This Month

Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux +9
NVD
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node +9
NVD
EPSS 5% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Debian Linux Opensuse +10
NVD
EPSS 2% CVSS 6.8
MEDIUM POC PATCH This Month

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 2% CVSS 6.8
MEDIUM POC This Month

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Debian Linux +10
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Opensuse +11
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Enterprise Linux Desktop +11
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freetype +11
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux +9
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Opensuse +11
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft +8
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +10
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mageia Libvirt +5
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +13
NVD
EPSS 3% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +11
NVD
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management +16
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris +16
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +15
NVD
EPSS 3% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +15
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel +18
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +17
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly. Rated medium severity (CVSS 6.9).

Denial Of Service Race Condition Linux +12
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Linux Gnome Shell +4
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia +7
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Enterprise Linux Desktop +5
NVD
EPSS 14% CVSS 5.0
MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7%.

Denial Of Service Apache Enterprise Linux Desktop +7
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 +11
NVD GitHub
EPSS 2% CVSS 5.0
MEDIUM This Month

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Pcre +10
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Qemu Enterprise Linux Desktop +5
NVD
Prev Page 13 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy