Skip to main content

Enterprise Linux

1150 CVEs product

Monthly

CVE-2019-2531 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Unified Manager Oncommand Workflow Automation +8
NVD
CVSS 3.1
4.9
EPSS
3.2%
CVE-2019-2530 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Unified Manager Oncommand Workflow Automation +7
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2019-2529 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Debian Linux Ubuntu Linux +12
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2019-2510 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL MariaDB Enterprise Linux +8
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2019-2481 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Oncommand Insight +8
NVD
CVSS 3.1
4.9
EPSS
3.2%
CVE-2019-2449 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +9
NVD
CVSS 3.1
3.1
EPSS
3.0%
CVE-2019-2436 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Unified Manager Oncommand Workflow Automation +7
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2019-2434 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Oncommand Unified Manager +8
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2019-2422 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +16
NVD
CVSS 3.1
3.1
EPSS
3.4%
CVE-2019-2420 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Oncommand Unified Manager +8
NVD
CVSS 3.1
4.9
EPSS
3.1%
CVE-2019-3811 MEDIUM PATCH This Month

A vulnerability was found in sssd. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sssd Debian Linux Fedora Leap +1
NVD
CVSS 3.1
5.2
EPSS
0.7%
CVE-2018-16884 HIGH PATCH This Week

A flaw was found in the Linux kernel's NFS41+ subsystem. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Use After Free Privilege Escalation Linux Memory Corruption +5
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2018-18314 CRITICAL POC PATCH Act Now

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Perl Ubuntu Linux Debian Linux E Series Santricity Os Controller +4
NVD GitHub
CVSS 3.0
9.8
EPSS
6.1%
CVE-2018-18313 CRITICAL POC PATCH Act Now

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Perl Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.0
9.1
EPSS
9.5%
CVE-2018-18311 CRITICAL PATCH Act Now

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Perl Ubuntu Linux Debian Linux +15
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-18312 CRITICAL POC THREAT Act Now

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Perl Ubuntu Linux Debian Linux Enterprise Linux +4
NVD
CVSS 3.0
9.8
EPSS
12.1%
CVE-2018-12121 HIGH PATCH This Week

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Node.js Node Js Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
7.5
EPSS
10.2%
CVE-2018-16862 MEDIUM PATCH This Month

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Enterprise Linux Ubuntu Linux +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-16396 HIGH This Week

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ruby Ubuntu Linux Debian Linux Enterprise Linux
NVD
CVSS 3.0
8.1
EPSS
8.0%
CVE-2018-16395 Ruby CRITICAL PATCH Act Now

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Ruby Ubuntu Linux Debian Linux +1
NVD
CVSS 3.0
9.8
EPSS
10.7%
CVE-2018-16850 CRITICAL PATCH Act Now

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PostgreSQL Enterprise Linux Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2018-19215 HIGH POC This Week

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and !. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Netwide Assembler Enterprise Linux
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-19214 HIGH POC PATCH This Week

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Netwide Assembler Enterprise Linux
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-19208 MEDIUM POC This Month

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libwpd Enterprise Linux Suse Linux Enterprise Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-14667 Maven CRITICAL KEV PATCH THREAT Act Now

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE Richfaces Enterprise Linux
NVD
CVSS 3.1
9.8
EPSS
74.2%
CVE-2018-18897 MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Poppler Debian Linux Ubuntu Linux Enterprise Linux +6
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2018-14651 HIGH PATCH This Week

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Debian Linux Enterprise Linux Glusterfs
NVD
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-18751 CRITICAL POC Act Now

An issue was discovered in GNU gettext 0.19.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gettext Ubuntu Linux Enterprise Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-18584 MEDIUM PATCH This Month

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Cabextract Libmspack Debian Linux +4
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-18438 MEDIUM PATCH This Month

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Qemu Enterprise Linux Openstack
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-12374 MEDIUM PATCH This Month

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Mozilla Information Disclosure Thunderbird Enterprise Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
4.3
EPSS
2.0%
CVE-2018-12373 MEDIUM This Month

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Enterprise Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-12372 MEDIUM This Month

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Enterprise Linux Enterprise Linux Desktop +4
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-10933 CRITICAL POC PATCH THREAT Act Now

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Libssh Ubuntu Linux Debian Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
91.8%
CVE-2018-17456 CRITICAL POC PATCH THREAT Act Now

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git Ansible Tower Enterprise Linux Enterprise Linux Desktop +7
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
97.4%
CVE-2018-14648 HIGH This Week

A flaw was found in 389 Directory Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
6.2%
CVE-2018-11763 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Http Server Ubuntu Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
51.0%
CVE-2018-14645 HIGH This Week

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Haproxy Ubuntu Linux +3
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-14618 CRITICAL Act Now

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Libcurl Ubuntu Linux Debian Linux +1
NVD
CVSS 3.0
9.8
EPSS
11.1%
CVE-2018-16542 MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-16540 HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Ghostscript Openshift Container Platform +9
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-10930 MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux Enterprise Linux Server Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-10928 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Enterprise Linux Server Glusterfs +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2018-10926 HIGH This Week

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Virtualization Host Debian Linux Enterprise Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-14622 HIGH This Week

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtirpc Ubuntu Linux Debian Linux Enterprise Linux +4
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2018-10936 Maven HIGH PATCH This Week

A weakness was found in postgresql-jdbc before version 42.2.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PostgreSQL Postgresql Jdbc Driver Enterprise Linux
NVD
CVSS 3.0
8.1
EPSS
2.9%
CVE-2018-10883 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Denial Of Service Buffer Overflow Debian Linux +6
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-10882 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Buffer Overflow Linux Kernel +3
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-10879 HIGH POC PATCH This Week

A flaw was found in the Linux kernel's ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Ubuntu Linux +6
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-1002200 Maven MEDIUM POC PATCH THREAT This Month

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Plexus Archiver Debian Linux Enterprise Linux Enterprise Linux Desktop +1
NVD GitHub
CVSS 3.0
5.5
EPSS
13.2%
CVE-2018-10880 MEDIUM POC PATCH This Month

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Buffer Overflow Debian Linux +3
NVD
CVSS 3.0
5.5
EPSS
2.9%
CVE-2018-10869 HIGH This Week

redhat-certification does not properly restrict files that can be download through the /download page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Path Traversal Certification Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-10877 MEDIUM PATCH This Month

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Ubuntu Linux Linux Kernel +2
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-10840 MEDIUM POC This Month

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Linux Buffer Overflow Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2018-3693 MEDIUM PATCH This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer. Rated medium severity (CVSS 5.6).

Buffer Overflow Atom C Atom E Atom X3 Atom Z +221
NVD
CVSS 3.1
5.6
EPSS
8.4%
CVE-2018-10872 MEDIUM PATCH This Month

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Red Hat Privilege Escalation Linux Enterprise Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1129 MEDIUM PATCH This Month

A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-1128 HIGH PATCH This Week

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-10892 MEDIUM This Month

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Docker Moby Openstack Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2018-3760 Ruby HIGH POC PATCH THREAT This Week

There is an information leak vulnerability in Sprockets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cloudforms Enterprise Linux Sprockets Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
26.7%
CVE-2018-3665 MEDIUM This Month

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure Core I3 Core I5 Core I7 +11
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2018-10850 MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server Debian Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-5184 HIGH This Week

Using remote content in encrypted messages can lead to the disclosure of plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux Thunderbird Thunderbird Esr +8
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5117 MEDIUM PATCH This Month

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Debian Linux Enterprise Linux Enterprise Linux Desktop +7
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-5096 CRITICAL Act Now

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-5095 CRITICAL Act Now

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service Debian Linux Enterprise Linux +8
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-5091 CRITICAL Act Now

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service Use After Free Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-11235 HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux Ubuntu Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
49.2%
CVE-2018-1000199 MEDIUM PATCH This Month

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux RCE Buffer Overflow Debian Linux Linux Kernel +8
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-1126 CRITICAL POC Act Now

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Procps Ng Ubuntu Linux Debian Linux +7
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-1124 HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Privilege Escalation RCE Buffer Overflow Procps Ng +8
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2018-1111 HIGH POC THREAT Act Now

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Red Hat Command Injection Fedora Enterprise Virtualization Enterprise Virtualization Host +4
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
94.5%
CVE-2018-1087 HIGH This Week

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel Ubuntu Linux Debian Linux +8
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-10184 HIGH This Week

An issue was discovered in HAProxy before 1.8.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Haproxy Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
8.4%
CVE-2018-10393 HIGH This Week

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libvorbis Debian Linux Enterprise Linux +3
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2018-10392 HIGH POC This Week

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libvorbis Debian Linux +4
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-1059 MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage Enterprise Linux Fast Datapath Openshift +5
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1079 MEDIUM This Month

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Path Traversal Pacemaker Command Line Interface Enterprise Linux
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-8778 HIGH PATCH This Week

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ruby Ubuntu Linux Debian Linux Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
7.8%
CVE-2018-8777 HIGH PATCH This Week

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ruby Debian Linux Ubuntu Linux Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
4.6%
CVE-2018-6914 HIGH PATCH This Week

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ruby Ubuntu Linux Debian Linux Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
10.6%
CVE-2018-1301 MEDIUM This Month

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Buffer Overflow Http Server Debian Linux Ubuntu Linux +5
NVD
CVSS 3.0
5.9
EPSS
15.6%
CVE-2018-1283 MEDIUM This Month

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Http Server Debian Linux Ubuntu Linux +5
NVD
CVSS 3.0
5.3
EPSS
10.1%
CVE-2018-1063 MEDIUM This Month

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Selinux
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2018-1049 MEDIUM PATCH This Month

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Systemd Enterprise Linux Enterprise Linux Aus +8
NVD
CVSS 3.1
5.9
EPSS
7.3%
CVE-2018-1000026 HIGH This Week

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Enterprise Linux +4
NVD
CVSS 3.1
7.7
EPSS
3.9%
CVE-2014-8119 HIGH This Week

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fedora Enterprise Linux Netcf
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2016-3695 MEDIUM PATCH This Month

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15104 Go HIGH PATCH This Week

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Information Disclosure Heketi Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2017-15103 Go HIGH PATCH This Week

A security-check flaw was found in the way the Heketi 5 server API handled user requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Heketi Enterprise Linux
NVD
CVSS 3.0
8.8
EPSS
2.4%
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +9
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +14
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 3% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +11
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +9
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 3% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +18
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 1% CVSS 5.2
MEDIUM PATCH This Month

A vulnerability was found in sssd. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sssd Debian Linux +3
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

A flaw was found in the Linux kernel's NFS41+ subsystem. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Use After Free Privilege Escalation +7
NVD
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Perl Ubuntu Linux +6
NVD GitHub
EPSS 10% CVSS 9.1
CRITICAL POC PATCH Act Now

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Perl +8
NVD GitHub
EPSS 12% CVSS 9.8
CRITICAL PATCH Act Now

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Perl +17
NVD GitHub
EPSS 12% CVSS 9.8
CRITICAL POC THREAT Act Now

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Perl Ubuntu Linux +6
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Node.js Node Js +7
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 8% CVSS 8.1
HIGH This Week

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ruby Ubuntu Linux +2
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Ruby +3
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PostgreSQL Enterprise Linux +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and !. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Netwide Assembler +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Netwide Assembler +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libwpd +2
NVD
EPSS 74% CVSS 9.8
CRITICAL KEV PATCH THREAT Act Now

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Poppler Debian Linux +8
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Debian Linux +2
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in GNU gettext 0.19.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gettext Ubuntu Linux +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Cabextract +6
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Qemu +2
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Plaintext of decrypted emails can leak through by user submitting an embedded form by pressing enter key within a text input field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Mozilla Information Disclosure Thunderbird +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird +6
NVD
EPSS 92% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Libssh Ubuntu Linux +7
NVD Exploit-DB
EPSS 97% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git Ansible Tower +9
NVD GitHub Exploit-DB
EPSS 6% CVSS 7.5
HIGH This Week

A flaw was found in 389 Directory Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux +1
NVD
EPSS 51% CVSS 5.9
MEDIUM PATCH This Month

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Http Server +8
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +5
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Libcurl +3
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ghostscript +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +11
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux +5
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Virtualization Host +5
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtirpc Ubuntu Linux +6
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

A weakness was found in postgresql-jdbc before version 42.2.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PostgreSQL Postgresql Jdbc Driver +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Denial Of Service +8
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service +5
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw was found in the Linux kernel's ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service +8
NVD
EPSS 13% CVSS 5.5
MEDIUM POC PATCH THREAT This Month

plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Plexus Archiver Debian Linux +3
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM POC PATCH This Month

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service +5
NVD
EPSS 3% CVSS 7.5
HIGH This Week

redhat-certification does not properly restrict files that can be download through the /download page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Path Traversal +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux +4
NVD
EPSS 1% CVSS 6.6
MEDIUM POC This Month

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Linux Buffer Overflow +3
NVD
EPSS 8% CVSS 5.6
MEDIUM PATCH This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer. Rated medium severity (CVSS 5.6).

Buffer Overflow Atom C Atom E +223
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Red Hat Privilege Escalation Linux +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ceph Storage Ceph Storage Mon +8
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure Ceph Storage Ceph Storage Mon +8
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Docker Moby +4
NVD GitHub
EPSS 27% CVSS 7.5
HIGH POC PATCH THREAT This Week

There is an information leak vulnerability in Sprockets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cloudforms Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 5.6
MEDIUM This Month

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure Core I3 +13
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server +8
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Using remote content in encrypted messages can lead to the disclosure of plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Debian Linux +10
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Debian Linux +9
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Mozilla Denial Of Service +10
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Denial Of Service +10
NVD
EPSS 49% CVSS 7.8
HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux +7
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux RCE Buffer Overflow +10
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Procps Ng +9
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Privilege Escalation RCE +10
NVD Exploit-DB
EPSS 94% CVSS 7.5
HIGH POC THREAT Act Now

DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Red Hat Command Injection Fedora +6
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH This Week

kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Linux Kernel +10
NVD
EPSS 8% CVSS 7.5
HIGH This Week

An issue was discovered in HAProxy before 1.8.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Haproxy +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libvorbis +5
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow +6
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Path Traversal +2
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ruby Ubuntu Linux +2
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ruby Debian Linux +2
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ruby Ubuntu Linux +2
NVD
EPSS 16% CVSS 5.9
MEDIUM This Month

A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Buffer Overflow Http Server +7
NVD
EPSS 10% CVSS 5.3
MEDIUM This Month

In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Apache Information Disclosure Http Server +7
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Selinux
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Systemd +10
NVD
EPSS 4% CVSS 7.7
HIGH This Week

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +6
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fedora Enterprise Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Information Disclosure Heketi +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A security-check flaw was found in the way the Heketi 5 server API handled user requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Privilege Escalation Command Injection Heketi +1
NVD
Prev Page 10 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy