Skip to main content

Enterprise Linux

1150 CVEs product

Monthly

CVE-2017-15121 MEDIUM This Month

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Red Hat Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-15116 MEDIUM PATCH This Month

The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2017-15102 MEDIUM PATCH This Month

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by. Rated medium severity (CVSS 6.3). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD GitHub
CVSS 3.0
6.3
EPSS
0.1%
CVE-2017-1000111 HIGH This Week

Linux kernel: heap out-of-bounds in AF_PACKET sockets. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Linux Linux Kernel Enterprise Linux +7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2015-7837 MEDIUM This Month

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat Enterprise Linux Enterprise Linux Desktop +4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-7553 MEDIUM This Month

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Linux Red Hat Enterprise Linux +2
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2017-10661 HIGH POC PATCH THREAT Act Now

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and EPSS exploitation probability 25.7%.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +5
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
25.7%
CVE-2017-3106 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.3%.

RCE Adobe Enterprise Linux Enterprise Linux Desktop Enterprise Linux Workstation +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
53.3%
Threat
4.9
CVE-2017-3085 HIGH POC PATCH This Week

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.1
7.4
EPSS
0.8%
CVE-2014-0143 HIGH PATCH This Week

Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in. Rated high severity (CVSS 7.0).

Integer Overflow Denial Of Service Buffer Overflow Enterprise Linux Qemu
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-6312 MEDIUM This Month

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Red Hat Enterprise Linux
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-9953 HIGH POC This Week

There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free Exiv2 Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-1000376 HIGH This Week

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Enterprise Virtualization Server Openshift Enterprise Linux +3
NVD
CVSS 3.1
7.0
EPSS
2.4%
CVE-2017-1000366 HIGH POC PATCH This Week

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow RCE Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server +17
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
8.9%
CVE-2017-3074 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3073 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Buffer Overflow RCE Adobe +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2017-3072 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3071 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE Adobe Memory Corruption +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2017-3070 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3069 HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2017-3068 HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%.

Buffer Overflow Memory Corruption Adobe RCE Flash Player Desktop Runtime +4
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
68.5%
Threat
5.3
CVE-2016-0721 HIGH PATCH This Week

Session fixation vulnerability in pcsd in pcs before 0.9.157. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Pcs Fedora Enterprise Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-0720 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Pcs Fedora Enterprise Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-5645 Maven CRITICAL POC PATCH THREAT Act Now

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.0%.

Deserialization Apache RCE Log4J Oncommand Api Services +77
NVD
CVSS 3.1
9.8
EPSS
94.0%
Threat
6.3
CVE-2016-4459 HIGH This Week

Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mod Cluster Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2015-2877 LOW Monitor

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2016-3616 HIGH This Week

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service RCE Libjpeg Turbo Enterprise Linux +2
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-2568 HIGH This Week

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Polkit Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-9675 HIGH PATCH This Week

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Openjpeg Enterprise Linux +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2016-7091 MEDIUM PATCH This Month

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat Information Disclosure Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +2
NVD
CVSS 3.0
4.4
EPSS
0.1%
CVE-2016-1000033 LOW Monitor

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Shotwell Enterprise Linux
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2016-6662 CRITICAL POC PATCH THREAT Act Now

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.6%.

RCE Privilege Escalation Oracle MySQL Percona Server +10
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.6%
Threat
6.1
CVE-2016-5766 HIGH POC PATCH THREAT Act Now

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Integer Overflow Denial Of Service PHP Buffer Overflow Openshift +5
NVD GitHub
CVSS 3.0
8.8
EPSS
16.2%
CVE-2016-5444 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle MySQL MariaDB Powerkvm +8
NVD
CVSS 3.0
3.7
EPSS
3.8%
CVE-2016-3471 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. Rated high severity (CVSS 7.5).

Information Disclosure Oracle MySQL Enterprise Linux MariaDB
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2016-3452 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Enterprise Linux MySQL MariaDB +2
NVD
CVSS 3.0
3.7
EPSS
3.3%
CVE-2016-6170 MEDIUM POC PATCH THREAT This Month

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service Bind Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
13.0%
CVE-2016-5244 HIGH PATCH This Week

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Fedora Linux Enterprise Real Time Extension Linux Enterprise Debuginfo +8
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-4470 MEDIUM PATCH This Month

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Vm Server Linux Kernel Suse Linux Enterprise Real Time Extension +10
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-2150 HIGH This Week

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Eus Enterprise Linux Server +7
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-0749 CRITICAL Act Now

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Leap Opensuse +9
NVD
CVSS 3.0
9.8
EPSS
16.0%
CVE-2016-4805 HIGH PATCH This Week

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Linux Buffer Overflow +11
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2015-4644 HIGH This Week

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP PostgreSQL Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
9.9%
CVE-2015-4605 HIGH POC This Week

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE PHP Denial Of Service Enterprise Linux Desktop +6
NVD
CVSS 3.0
7.5
EPSS
9.1%
CVE-2015-4604 HIGH POC This Week

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE PHP Denial Of Service Enterprise Linux Desktop +6
NVD
CVSS 3.0
7.5
EPSS
9.1%
CVE-2015-4603 CRITICAL POC Act Now

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +4
NVD
CVSS 3.0
9.8
EPSS
8.1%
CVE-2015-4602 CRITICAL POC THREAT Emergency

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

RCE PHP Denial Of Service Enterprise Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
9.8
EPSS
12.9%
CVE-2015-4598 MEDIUM This Month

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +4
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2015-3412 MEDIUM POC This Month

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +4
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2015-3411 MEDIUM POC This Month

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2015-1350 MEDIUM POC PATCH This Month

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Denial Of Service Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-2143 HIGH PATCH This Week

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-0666 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Enterprise Linux Debian Linux MariaDB +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0665 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Enterprise Linux MySQL Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-0661 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MySQL Enterprise Linux Ubuntu Linux
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-0655 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MariaDB Debian Linux Leap +2
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-0650 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Linux Leap Powerkvm +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0649 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Powerkvm Enterprise Linux Leap +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0648 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Leap Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0647 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Leap Debian Linux Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0646 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Linux Enterprise Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0644 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Leap Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0643 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Enterprise Linux Powerkvm +3
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2016-0641 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Leap Debian Linux MySQL +4
NVD
CVSS 3.0
5.1
EPSS
0.2%
CVE-2016-0640 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL Linux Leap +4
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-0639 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.3%.

Information Disclosure Oracle Enterprise Linux MySQL
NVD
CVSS 3.0
9.8
EPSS
15.3%
CVE-2016-0741 HIGH PATCH This Week

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +2
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2016-0739 MEDIUM This Month

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Enterprise Linux Ubuntu Linux Libssh +2
NVD
CVSS 3.0
5.9
EPSS
4.3%
CVE-2015-5229 HIGH This Week

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-2047 MEDIUM PATCH This Month

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle MariaDB Linux MySQL +4
NVD
CVSS 3.0
5.9
EPSS
1.7%
CVE-2016-0611 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Ubuntu Linux MySQL Leap +2
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2016-0610 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL Debian Linux MariaDB +4
NVD
CVSS 2.0
3.5
EPSS
0.7%
CVE-2016-0609 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable.

Information Disclosure Oracle Linux Enterprise Linux Debian Linux +13
NVD
CVSS 2.0
1.7
EPSS
0.8%
CVE-2016-0608 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Linux Enterprise Linux Enterprise Linux Desktop +13
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2016-0607 LOW Monitor

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Enterprise Linux MySQL Leap +2
NVD
CVSS 2.0
2.8
EPSS
0.7%
CVE-2016-0606 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Debian Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +13
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2016-0605 LOW Monitor

Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Enterprise Linux Leap Opensuse +1
NVD
CVSS 2.0
2.1
EPSS
0.6%
CVE-2016-0600 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Enterprise Linux Debian Linux Enterprise Linux Desktop +13
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2016-0598 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Leap Opensuse Linux +13
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2016-0597 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Enterprise Linux Solaris Linux +13
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2016-0596 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +13
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2016-0595 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Enterprise Linux MySQL Ubuntu Linux +2
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2016-0546 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Buffer Overflow Oracle Ubuntu Linux MariaDB Enterprise Linux +13
NVD GitHub
CVSS 2.0
7.2
EPSS
0.2%
CVE-2016-0505 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +13
NVD
CVSS 2.0
6.8
EPSS
6.5%
CVE-2016-0504 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Ubuntu Linux Leap +2
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2016-0503 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Ubuntu Linux Enterprise Linux Leap +2
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2015-8668 CRITICAL POC Act Now

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE Libtiff +5
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2015-5281 LOW Monitor

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a. Rated low severity (CVSS 2.6). No vendor patch available.

Red Hat Privilege Escalation Enterprise Linux
NVD
CVSS 2.0
2.6
EPSS
0.1%
CVE-2015-4910 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL Enterprise Linux
NVD
CVSS 2.0
2.1
EPSS
0.8%
CVE-2015-4890 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Enterprise Linux MySQL
NVD
CVSS 2.0
3.5
EPSS
0.4%
EPSS 0% CVSS 5.5
MEDIUM This Month

A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Red Hat Enterprise Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux +2
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by. Rated medium severity (CVSS 6.3). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Linux kernel: heap out-of-bounds in AF_PACKET sockets. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Linux +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat +6
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Linux +4
NVD
EPSS 26% CVSS 7.0
HIGH POC PATCH THREAT Act Now

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and EPSS exploitation probability 25.7%.

Denial Of Service Memory Corruption Linux +7
NVD GitHub Exploit-DB
EPSS 53% 4.9 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 53.3%.

RCE Adobe Enterprise Linux +4
NVD Exploit-DB
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Adobe Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in. Rated high severity (CVSS 7.0).

Integer Overflow Denial Of Service Buffer Overflow +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The mod_dontdothat component of the mod_dav_svn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Red Hat +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Use After Free +2
NVD
EPSS 2% CVSS 7.0
HIGH This Week

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow RCE Enterprise Virtualization Server +5
NVD
EPSS 9% CVSS 7.8
HIGH POC PATCH This Week

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow RCE Enterprise Linux +19
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +6
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Buffer Overflow +8
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +6
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free RCE +7
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +6
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Adobe +6
NVD
EPSS 68% 5.3 CVSS 8.8
HIGH POC PATCH THREAT Act Now

Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.5%.

Buffer Overflow Memory Corruption Adobe +6
NVD Exploit-DB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Session fixation vulnerability in pcsd in pcs before 0.9.157. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation Information Disclosure Pcs +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Pcs Fedora +1
NVD GitHub
EPSS 94% 6.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.0%.

Deserialization Apache RCE +79
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mod Cluster Enterprise Linux
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service RCE +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Polkit Enterprise Linux
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE +5
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Red Hat Information Disclosure Enterprise Linux +4
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Shotwell Enterprise Linux
NVD
EPSS 90% 6.1 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.6%.

RCE Privilege Escalation Oracle +12
NVD Exploit-DB
EPSS 16% CVSS 8.8
HIGH POC PATCH THREAT Act Now

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.2%.

Integer Overflow Denial Of Service PHP +7
NVD GitHub
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle MySQL +10
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. Rated high severity (CVSS 7.5).

Information Disclosure Oracle MySQL +2
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Enterprise Linux +4
NVD
EPSS 13% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service Bind Enterprise Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Fedora +10
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Vm Server +12
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Linux Enterprise Linux Desktop +9
NVD
EPSS 16% CVSS 9.8
CRITICAL Act Now

The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.0% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +13
NVD GitHub
EPSS 10% CVSS 7.5
HIGH This Week

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP PostgreSQL +1
NVD
EPSS 9% CVSS 7.5
HIGH POC This Week

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE PHP +8
NVD
EPSS 9% CVSS 7.5
HIGH POC This Week

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE PHP +8
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Enterprise Linux Desktop +6
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

RCE PHP Denial Of Service +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Enterprise Linux Desktop +6
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Enterprise Linux Desktop +6
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Enterprise Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Denial Of Service Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Enterprise Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Enterprise Linux +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MySQL +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MariaDB +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Powerkvm +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Leap +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +6
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +5
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Leap +6
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL +6
NVD
EPSS 15% CVSS 9.8
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.3%.

Information Disclosure Oracle Enterprise Linux +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop +4
NVD
EPSS 4% CVSS 5.9
MEDIUM This Month

libssh before 0.7.3 improperly truncates ephemeral secrets generated for the (1) diffie-hellman-group1 and (2) diffie-hellman-group14 key exchange methods to 128 bits, which makes it easier for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Enterprise Linux +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux +7
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle MariaDB +6
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Ubuntu Linux +4
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL +6
NVD
EPSS 1% CVSS 1.7
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 1.7), this vulnerability is remotely exploitable.

Information Disclosure Oracle Linux +15
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Linux +15
NVD
EPSS 1% CVSS 2.8
LOW Monitor

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Enterprise Linux +4
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Debian Linux +15
NVD
EPSS 1% CVSS 2.1
LOW Monitor

Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Enterprise Linux +3
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Enterprise Linux +15
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Leap +15
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Enterprise Linux +15
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Enterprise Linux Desktop +15
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Enterprise Linux +4
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Buffer Overflow Oracle Ubuntu Linux +15
NVD GitHub
EPSS 6% CVSS 6.8
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Enterprise Linux Desktop +15
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +4
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Ubuntu Linux +4
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +7
NVD
EPSS 0% CVSS 2.6
LOW Monitor

The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a. Rated low severity (CVSS 2.6). No vendor patch available.

Red Hat Privilege Escalation Enterprise Linux
NVD
EPSS 1% CVSS 2.1
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Enterprise Linux +1
NVD
Prev Page 11 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy