Skip to main content

Enterprise Linux Workstation

1411 CVEs product

Monthly

CVE-2018-6053 LOW Monitor

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
3.3
EPSS
0.8%
CVE-2018-6052 MEDIUM This Month

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-6051 MEDIUM This Month

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-6050 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-6049 MEDIUM This Month

Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6048 MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-6047 MEDIUM This Month

Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
4.3
EPSS
1.4%
CVE-2018-6046 MEDIUM This Month

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-6045 MEDIUM This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6043 HIGH This Week

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-6042 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
4.3
EPSS
1.2%
CVE-2018-6041 MEDIUM This Month

Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-6040 MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6039 MEDIUM This Month

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-6038 MEDIUM This Month

Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6037 MEDIUM This Month

Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6036 MEDIUM This Month

Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6035 HIGH This Week

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6034 HIGH This Week

Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Debian Linux +3
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2018-6033 HIGH This Week

Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6032 MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6031 HIGH This Week

Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-15967 HIGH This Week

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
7.5
EPSS
7.6%
CVE-2018-14647 HIGH PATCH This Week

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Ubuntu Linux Debian Linux Fedora +4
NVD
CVSS 3.1
7.5
EPSS
11.3%
CVE-2018-14633 HIGH PATCH This Week

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Linux Buffer Overflow Stack Overflow Linux Kernel +7
NVD
CVSS 3.1
7.0
EPSS
8.7%
CVE-2018-17183 HIGH This Week

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-11781 HIGH This Week

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Apache Spamassassin Ubuntu Linux +5
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-14638 HIGH This Week

A flaw was found in 389-ds-base before version 1.3.8.4-13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Aus Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-16802 HIGH This Week

An issue was discovered in Artifex Ghostscript before 9.25. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2018-5391 HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Enterprise Linux Desktop Enterprise Linux Server +48
NVD
CVSS 3.1
7.5
EPSS
24.6%
CVE-2018-14624 HIGH POC This Week

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +4
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-16542 MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-16541 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16540 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Openshift Container Platform +9
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-16539 MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16511 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ghostscript Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-16509 HIGH POC THREAT Act Now

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Linux Ghostscript Ubuntu Linux Enterprise Linux Desktop +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
92.5%
CVE-2018-10911 HIGH PATCH This Week

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Glusterfs Virtualization Host Enterprise Linux Desktop +4
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2018-16435 MEDIUM POC PATCH This Month

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Little Cms Color Engine Ubuntu Linux Enterprise Linux Desktop +3
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-16402 CRITICAL POC Act Now

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Elfutils Debian Linux Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14622 HIGH This Week

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtirpc Ubuntu Linux Debian Linux Enterprise Linux +4
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2018-12828 CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Adobe Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-12827 HIGH POC PATCH THREAT This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow Flash Player Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
32.0%
CVE-2018-12826 HIGH PATCH This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2018-12825 CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-12824 MEDIUM PATCH This Month

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
5.9
EPSS
10.9%
CVE-2018-16062 MEDIUM This Month

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Elfutils Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2018-15911 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15910 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15909 HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux Ghostscript Gpl Ghostscript +7
NVD
CVSS 3.0
7.8
EPSS
3.0%
CVE-2018-15908 HIGH This Week

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-14599 CRITICAL PATCH Act Now

An issue was discovered in libX11 through 1.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libx11 Ubuntu Linux Debian Linux Fedora +3
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2018-10858 HIGH This Week

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debian Linux Ubuntu Linux Samba +5
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2018-1139 HIGH This Week

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2018-10846 MEDIUM PATCH This Month

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. Rated medium severity (CVSS 5.6).

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.6
EPSS
0.4%
CVE-2018-10845 MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.9
EPSS
3.6%
CVE-2018-10844 MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.9
EPSS
3.6%
CVE-2018-10902 HIGH PATCH This Week

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Privilege Escalation Debian Linux Ubuntu Linux +4
NVD VulDB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1656 MEDIUM PATCH This Month

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java IBM Path Traversal Sdk Satellite +4
NVD
CVSS 3.0
6.5
EPSS
4.5%
CVE-2018-1517 HIGH This Week

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java IBM Information Disclosure Software Development Kit Satellite +3
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-15473 MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH Openssh Debian Linux +20
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
98.6%
CVE-2018-10873 HIGH PATCH This Week

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Spice Debian Linux Ubuntu Linux Virtualization +7
NVD
CVSS 3.0
8.8
EPSS
3.9%
CVE-2018-10915 HIGH PATCH This Week

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Openstack Virtualization Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.5
EPSS
5.2%
CVE-2018-5390 HIGH PATCH This Week

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Virtualization Enterprise Linux Desktop Enterprise Linux Server +35
NVD
CVSS 3.1
7.5
EPSS
73.5%
CVE-2018-1336 Maven HIGH PATCH This Week

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Denial Of Service Apache Jboss Enterprise Application Platform Ubuntu Linux +5
NVD
CVSS 3.1
7.5
EPSS
20.6%
CVE-2018-10897 HIGH PATCH This Week

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Yum Utils Virtualization Enterprise Linux Desktop Enterprise Linux Server +1
NVD GitHub
CVSS 3.1
8.1
EPSS
5.7%
CVE-2018-10883 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Denial Of Service Buffer Overflow Debian Linux +6
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-14682 HIGH PATCH This Week

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-14681 HIGH PATCH This Week

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libmspack Cabextract Ubuntu Linux +5
NVD GitHub
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-14680 MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
6.5
EPSS
3.8%
CVE-2018-14679 MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libmspack Cabextract Ubuntu Linux Debian Linux +4
NVD GitHub
CVSS 3.0
6.5
EPSS
3.3%
CVE-2018-10881 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Buffer Overflow Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-10879 HIGH POC PATCH This Week

A flaw was found in the Linux kernel's ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Ubuntu Linux +6
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-10878 HIGH POC PATCH This Week

A flaw was found in the Linux kernel's ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Buffer Overflow Ubuntu Linux +5
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2018-10901 HIGH PATCH This Week

A flaw was found in Linux kernel's KVM virtualization subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-13988 MEDIUM PATCH This Month

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Poppler Ubuntu Linux +6
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-1002200 Maven MEDIUM POC PATCH THREAT This Month

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Plexus Archiver Debian Linux Enterprise Linux Enterprise Linux Desktop +1
NVD GitHub
CVSS 3.0
5.5
EPSS
13.2%
CVE-2018-10906 HIGH POC PATCH This Week

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Denial Of Service Debian Linux Fuse Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-5008 HIGH This Week

Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
7.5
EPSS
6.8%
CVE-2018-5007 HIGH PATCH This Week

Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
18.0%
CVE-2018-3081 MEDIUM PATCH This Month

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +8
NVD
CVSS 3.1
5.0
EPSS
2.4%
CVE-2018-3066 LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL Oncommand Insight Oncommand Workflow Automation +8
NVD
CVSS 3.1
3.3
EPSS
1.9%
CVE-2018-3058 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL Oncommand Insight Oncommand Workflow Automation +8
NVD
CVSS 3.1
4.3
EPSS
2.4%
CVE-2018-2973 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
5.9
EPSS
4.7%
CVE-2018-2952 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service Jdk Jre +24
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2018-2940 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
4.3
EPSS
3.1%
CVE-2018-2767 LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL Debian Linux Ubuntu Linux +11
NVD
CVSS 3.1
3.1
EPSS
1.5%
CVE-2018-14362 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14357 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2018-14354 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
EPSS 1% CVSS 3.3
LOW Monitor

Inappropriate implementation in New Tab Page in Google Chrome prior to 64.0.3282.119 allowed a local attacker to view website thumbnail images after clearing browser data via a crafted HTML page. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +4
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Chrome +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.1
HIGH This Week

Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service +6
NVD
EPSS 8% CVSS 7.5
HIGH This Week

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Information Disclosure +5
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Ubuntu Linux +6
NVD
EPSS 9% CVSS 7.0
HIGH PATCH This Week

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Linux Buffer Overflow +9
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Ghostscript Ubuntu Linux +7
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Apache +7
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A flaw was found in 389-ds-base before version 1.3.8.4-13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Aus +5
NVD
EPSS 2% CVSS 7.8
HIGH This Week

An issue was discovered in Artifex Ghostscript before 9.25. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux +7
NVD
EPSS 25% CVSS 7.5
HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel +50
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Desktop +6
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript +7
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +9
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +11
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Ubuntu Linux +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ghostscript +7
NVD
EPSS 92% CVSS 7.8
HIGH POC THREAT Act Now

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Debian Linux Ghostscript +6
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Glusterfs +6
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Little Cms Color Engine +5
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Elfutils Debian Linux +5
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtirpc Ubuntu Linux +6
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Adobe Flash Player +3
NVD
EPSS 32% CVSS 7.5
HIGH POC PATCH THREAT This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Buffer Overflow +4
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow +4
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Adobe Flash Player +3
NVD
EPSS 11% CVSS 5.9
MEDIUM PATCH This Month

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Adobe Information Disclosure Buffer Overflow +5
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +7
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Debian Linux Ubuntu Linux +9
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +7
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Debian Linux Ubuntu Linux +9
NVD
EPSS 2% CVSS 7.8
HIGH This Week

In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ghostscript Debian Linux +6
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in libX11 through 1.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libx11 Ubuntu Linux +5
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debian Linux +7
NVD
EPSS 3% CVSS 8.1
HIGH This Week

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba Ubuntu Linux +3
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. Rated medium severity (CVSS 5.6).

Information Disclosure Gnutls Enterprise Linux Desktop +5
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop +5
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Privilege Escalation +6
NVD VulDB
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java IBM Path Traversal +6
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java IBM Information Disclosure +5
NVD
EPSS 99% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH +22
NVD GitHub Exploit-DB
EPSS 4% CVSS 8.8
HIGH PATCH This Week

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Spice Debian Linux +9
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PostgreSQL Openstack +7
NVD
EPSS 74% CVSS 7.5
HIGH PATCH This Week

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Virtualization +37
NVD
EPSS 21% CVSS 7.5
HIGH PATCH This Week

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Denial Of Service Apache +7
NVD
EPSS 6% CVSS 8.1
HIGH PATCH This Week

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Yum Utils Virtualization +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Denial Of Service +8
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract +6
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libmspack +7
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libmspack Cabextract +6
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libmspack Cabextract +6
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service +9
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw was found in the Linux kernel's ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service +8
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw was found in the Linux kernel's ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service +7
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in Linux kernel's KVM virtualization subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel +4
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +8
NVD
EPSS 13% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Plexus Archiver Debian Linux +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Denial Of Service Debian Linux +4
NVD Exploit-DB
EPSS 7% CVSS 7.5
HIGH This Week

Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow +5
NVD
EPSS 18% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Flash Player Desktop Runtime +4
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL +10
NVD
EPSS 2% CVSS 3.3
LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL +10
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL +10
NVD
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +20
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service +26
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +20
NVD
EPSS 2% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL +13
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt +8
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt +8
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt +8
NVD GitHub
Prev Page 5 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy