Skip to main content

Enterprise Linux Workstation

1411 CVEs product

Monthly

CVE-2018-3693 MEDIUM PATCH This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer. Rated medium severity (CVSS 5.6).

Buffer Overflow Atom C Atom E Atom X3 Atom Z +221
NVD
CVSS 3.1
5.6
EPSS
8.4%
CVE-2018-10872 MEDIUM PATCH This Month

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Red Hat Privilege Escalation Linux Enterprise Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1129 MEDIUM PATCH This Month

A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-1128 HIGH PATCH This Week

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-10861 HIGH PATCH This Week

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ceph Ceph Storage Ceph Storage Mon Ceph Storage Osd +5
NVD GitHub
CVSS 3.0
8.1
EPSS
3.2%
CVE-2018-5002 HIGH KEV PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Adobe RCE Buffer Overflow Flash Player Desktop Runtime +4
NVD GitHub
CVSS 3.1
7.8
EPSS
25.4%
CVE-2018-5001 MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
6.5
EPSS
13.3%
CVE-2018-5000 MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
6.5
EPSS
14.5%
CVE-2018-4945 HIGH PATCH This Week

Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
6.8%
CVE-2018-13785 MEDIUM PATCH This Month

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Libpng Ubuntu Linux Jdk +4
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
3.7%
CVE-2018-13405 HIGH POC PATCH This Week

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel Debian Linux Ubuntu Linux +24
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2018-12910 CRITICAL PATCH Act Now

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libsoup Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-1113 MEDIUM This Month

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Setup Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-13033 MEDIUM POC This Month

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +1
NVD
CVSS 3.0
5.5
EPSS
3.1%
CVE-2018-10852 HIGH This Week

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Sssd Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-3665 MEDIUM This Month

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure Core I3 Core I5 Core I7 +11
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2018-1120 MEDIUM POC PATCH This Month

A flaw was found affecting the Linux kernel before version 4.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Heap Overflow Linux Denial Of Service Buffer Overflow Linux Kernel +6
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
7.3%
CVE-2018-1061 HIGH This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Debian Linux Ansible Tower Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.5
EPSS
5.0%
CVE-2018-1060 HIGH POC This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Fedora Ubuntu Linux Ansible Tower +4
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2018-0495 MEDIUM POC PATCH This Month

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Libgcrypt Ubuntu Linux Debian Linux Ansible Tower +4
NVD
CVSS 3.0
4.7
EPSS
0.9%
CVE-2018-10850 MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server Debian Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-11806 HIGH PATCH This Week

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Qemu Ubuntu Linux Openstack +8
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2018-5848 HIGH PATCH This Week

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android +5
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5803 MEDIUM This Month

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Debian Linux Virtualization Host +3
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-5185 MEDIUM This Month

Plaintext of decrypted emails can leak through by user submitting an embedded form. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-5184 HIGH This Week

Using remote content in encrypted messages can lead to the disclosure of plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux Thunderbird Thunderbird Esr +8
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5183 CRITICAL Act Now

Mozilla developers backported selected changes in the Skia library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +8
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-5178 HIGH This Week

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Buffer Overflow Debian Linux Firefox Thunderbird +8
NVD
CVSS 3.0
8.1
EPSS
5.1%
CVE-2018-5170 MEDIUM This Month

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
4.3
EPSS
1.8%
CVE-2018-5168 MEDIUM This Month

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Debian Linux Firefox Thunderbird +8
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-5162 HIGH This Week

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5161 MEDIUM This Month

Crafted message headers can cause a Thunderbird process to hang on receiving the message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +7
NVD
CVSS 3.0
4.3
EPSS
2.1%
CVE-2018-5159 CRITICAL POC THREAT Act Now

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux Desktop +9
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
21.3%
CVE-2018-5158 npm HIGH PATCH This Week

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection RCE Debian Linux Enterprise Linux Desktop +7
NVD
CVSS 3.0
8.8
EPSS
10.6%
CVE-2018-5157 HIGH This Week

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-5155 CRITICAL Act Now

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +10
NVD
CVSS 3.0
9.8
EPSS
3.5%
CVE-2018-5154 CRITICAL Act Now

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +10
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-5150 CRITICAL Act Now

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Enterprise Linux Desktop +9
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-5148 CRITICAL Act Now

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5146 HIGH This Week

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +8
NVD
CVSS 3.0
8.8
EPSS
12.1%
CVE-2018-5145 CRITICAL Act Now

Memory safety bugs were reported in Firefox ESR 52.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Debian Linux Enterprise Linux Desktop +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5144 HIGH This Week

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.0
7.3
EPSS
3.3%
CVE-2018-5131 MEDIUM This Month

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Debian Linux Firefox Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.9
EPSS
2.3%
CVE-2018-5130 HIGH This Week

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Debian Linux Enterprise Linux Desktop Enterprise Linux Server +5
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-5129 HIGH This Week

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow Debian Linux Firefox +7
NVD
CVSS 3.0
8.6
EPSS
3.0%
CVE-2018-5127 HIGH This Week

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +6
NVD
CVSS 3.0
8.8
EPSS
8.0%
CVE-2018-5125 HIGH This Week

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-5117 MEDIUM PATCH This Month

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Debian Linux Enterprise Linux Enterprise Linux Desktop +7
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-5104 CRITICAL Act Now

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-5103 CRITICAL Act Now

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5102 CRITICAL Act Now

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.2%
CVE-2018-5099 CRITICAL Act Now

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5098 CRITICAL Act Now

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-5097 CRITICAL Act Now

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
7.3%
CVE-2018-5096 CRITICAL Act Now

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5095 CRITICAL Act Now

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux +8
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-5091 CRITICAL Act Now

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-5089 CRITICAL Act Now

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-12020 HIGH PATCH This Week

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Eus +5
NVD GitHub
CVSS 3.1
7.5
EPSS
8.7%
CVE-2018-11235 HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux Ubuntu Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
49.2%
CVE-2018-1000301 CRITICAL PATCH Act Now

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Debian Linux Ubuntu Linux +7
NVD VulDB
CVSS 3.1
9.1
EPSS
2.8%
CVE-2018-1000199 MEDIUM PATCH This Month

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux RCE Buffer Overflow Debian Linux Linux Kernel +8
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-1126 CRITICAL POC Act Now

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Procps Ng Ubuntu Linux Debian Linux +7
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-1124 HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Privilege Escalation RCE Buffer Overflow Procps Ng +8
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2018-3639 MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E Atom X5 E3930 Atom X5 E3940 +278
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
46.0%
Threat
4.0
CVE-2018-4944 CRITICAL Act Now

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Flash Player Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
9.8
EPSS
9.0%
CVE-2018-11237 HIGH POC PATCH This Week

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Glibc Virtualization Host Enterprise Linux Desktop +7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-11236 CRITICAL PATCH Act Now

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Glibc Virtualization Host +7
NVD
CVSS 3.0
9.8
EPSS
7.4%
CVE-2018-1111 HIGH POC THREAT Act Now

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Red Hat Command Injection Fedora Enterprise Virtualization Enterprise Virtualization Host +4
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
94.5%
CVE-2018-11212 MEDIUM POC PATCH This Month

An issue was discovered in libjpeg 9a and 9d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libjpeg Debian Linux Ubuntu Linux Oncommand Unified Manager +9
NVD GitHub
CVSS 3.0
6.5
EPSS
5.1%
CVE-2018-1087 HIGH This Week

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel Ubuntu Linux Debian Linux +8
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-10998 MEDIUM POC This Month

An issue was discovered in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2 Ubuntu Linux Debian Linux Enterprise Linux Desktop +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-1118 MEDIUM This Month

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Debian Linux Ubuntu Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1130 MEDIUM PATCH This Month

Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1089 HIGH PATCH This Week

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Denial Of Service Buffer Overflow 389 Directory Server Enterprise Linux Desktop +3
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-8897 HIGH POC PATCH THREAT Act Now

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Privilege Escalation Linux Race Condition Intel +12
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
18.7%
CVE-2018-10768 MEDIUM POC This Month

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Null Pointer Dereference Denial Of Service Poppler Ubuntu Linux +5
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-10767 MEDIUM POC This Month

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libgxps Ansible Tower +3
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-0494 MEDIUM POC PATCH THREAT This Month

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Wget Ubuntu Linux Debian Linux Enterprise Linux Desktop +2
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
17.0%
CVE-2018-10733 MEDIUM POC This Month

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libgxps Ansible Tower +4
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-10675 HIGH PATCH This Week

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +8
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-10583 HIGH POC THREAT This Week

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apache Information Disclosure Libreoffice Openoffice +5
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
78.7%
CVE-2018-10535 MEDIUM This Month

The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
5.5
EPSS
2.2%
CVE-2018-10534 MEDIUM This Month

The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-10373 MEDIUM This Month

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
6.5
EPSS
3.5%
CVE-2018-10372 MEDIUM POC This Month

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Binutils Enterprise Linux Desktop +2
NVD
CVSS 3.0
5.5
EPSS
2.4%
CVE-2018-10322 MEDIUM POC PATCH This Month

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Virtualization Host +3
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1106 MEDIUM This Month

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Packagekit Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +5
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-8781 HIGH PATCH This Week

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Linux Linux Kernel Ubuntu Linux +4
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-2819 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL MariaDB Ubuntu Linux +12
NVD
CVSS 3.1
6.5
EPSS
3.2%
EPSS 8% CVSS 5.6
MEDIUM PATCH This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer. Rated medium severity (CVSS 5.6).

Buffer Overflow Atom C Atom E +223
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Red Hat Privilege Escalation Linux +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ceph Storage Ceph Storage Mon +8
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure Ceph Storage Ceph Storage Mon +8
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ceph Ceph Storage +7
NVD GitHub
EPSS 25% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Adobe RCE +6
NVD GitHub
EPSS 13% CVSS 6.5
MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow +5
NVD
EPSS 14% CVSS 6.5
MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe Information Disclosure +5
NVD
EPSS 7% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Flash Player Desktop Runtime +4
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Libpng +6
NVD GitHub VulDB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel +26
NVD GitHub Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libsoup +8
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Setup +3
NVD
EPSS 3% CVSS 5.5
MEDIUM POC This Month

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Enterprise Linux Desktop +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Sssd +3
NVD
EPSS 1% CVSS 5.6
MEDIUM This Month

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure Core I3 +13
NVD
EPSS 7% CVSS 5.3
MEDIUM POC PATCH This Month

A flaw was found affecting the Linux kernel before version 4.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Heap Overflow Linux Denial Of Service +8
NVD Exploit-DB
EPSS 5% CVSS 7.5
HIGH This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Debian Linux +6
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Fedora +6
NVD
EPSS 1% CVSS 4.7
MEDIUM POC PATCH This Month

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Libgcrypt Ubuntu Linux +6
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server +8
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Qemu +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux +7
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +5
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Plaintext of decrypted emails can leak through by user submitting an embedded form. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +9
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Using remote content in encrypted messages can lead to the disclosure of plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Mozilla developers backported selected changes in the Skia library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop +10
NVD
EPSS 5% CVSS 8.1
HIGH This Week

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Buffer Overflow Debian Linux +10
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

It is possible to spoof the filename of an attachment and display an arbitrary attachment name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +9
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Sites can bypass security checks on permissions to install lightweight themes by manipulating the "baseURI" property of the theme element. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Debian Linux +10
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Plaintext of decrypted emails can leak through the src attribute of remote images, or links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +9
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Crafted message headers can cause a Thunderbird process to hang on receiving the message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +9
NVD
EPSS 21% CVSS 9.8
CRITICAL POC THREAT Act Now

An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Mozilla Denial Of Service +11
NVD Exploit-DB
EPSS 11% CVSS 8.8
HIGH PATCH This Week

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Code Injection RCE +9
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Enterprise Linux Desktop +8
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +12
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +8
NVD
EPSS 12% CVSS 8.8
HIGH This Week

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory safety bugs were reported in Firefox ESR 52.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +10
NVD
EPSS 3% CVSS 7.3
HIGH This Week

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Buffer Overflow +9
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Debian Linux +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Debian Linux +7
NVD
EPSS 3% CVSS 8.6
HIGH This Week

A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Buffer Overflow +9
NVD
EPSS 8% CVSS 8.8
HIGH This Week

A buffer overflow can occur when manipulating the SVG "animatedPathSegList" through script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Enterprise Linux Desktop +8
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +7
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Debian Linux +9
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla RCE Buffer Overflow +7
NVD
EPSS 9% CVSS 7.5
HIGH PATCH This Week

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Enterprise Linux Desktop Enterprise Linux Server +7
NVD GitHub
EPSS 49% CVSS 7.8
HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux +7
NVD Exploit-DB
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow +9
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux RCE Buffer Overflow +10
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Procps Ng +9
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Privilege Escalation RCE +10
NVD Exploit-DB
EPSS 46% 4.0 CVSS 5.5
MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E +280
NVD Exploit-DB VulDB
EPSS 9% CVSS 9.8
CRITICAL Act Now

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Flash Player +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Glibc +9
NVD Exploit-DB
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow +9
NVD
EPSS 94% CVSS 7.5
HIGH POC THREAT Act Now

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Red Hat Command Injection Fedora +6
NVD Exploit-DB
EPSS 5% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in libjpeg 9a and 9d. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libjpeg Debian Linux +11
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel +10
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Exiv2 0.26. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2 Ubuntu Linux +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux +6
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Denial Of Service Buffer Overflow +5
NVD
EPSS 19% CVSS 7.8
HIGH POC PATCH THREAT Act Now

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Privilege Escalation Linux +14
NVD GitHub Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Null Pointer Dereference Denial Of Service +7
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +5
NVD
EPSS 17% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Wget Ubuntu Linux +4
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM POC This Month

There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +10
NVD GitHub
EPSS 79% CVSS 7.5
HIGH POC THREAT This Week

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Apache Information Disclosure +7
NVD Exploit-DB
EPSS 2% CVSS 5.5
MEDIUM This Month

The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Binutils +3
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Binutils +3
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Binutils +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +4
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Packagekit Enterprise Linux Desktop +7
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Linux +6
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +14
NVD
Prev Page 6 of 16 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy