Skip to main content

Enterprise Linux

1150 CVEs product

Monthly

CVE-2013-2231 HIGH This Week

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Microsoft Enterprise Linux Enterprise Linux Desktop Supplementary +2
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-4296 MEDIUM PATCH This Month

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libvirt Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
4.0
EPSS
3.3%
CVE-2013-2217 PyPI LOW PATCH Monitor

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name. Rated low severity (CVSS 1.2).

Information Disclosure Suds Opensuse Enterprise Linux
NVD
CVSS 2.0
1.2
EPSS
0.1%
CVE-2013-1824 MEDIUM PATCH This Month

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PHP XXE Enterprise Linux Mac Os X
NVD
CVSS 2.0
4.3
EPSS
2.1%
CVE-2013-1872 MEDIUM This Month

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Intel Denial Of Service RCE Mesa +3
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-4248 MEDIUM This Month

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP OpenSSL Information Disclosure Ubuntu Linux Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
9.9%
CVE-2013-4124 MEDIUM POC PATCH THREAT This Month

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

Denial Of Service Ubuntu Linux Enterprise Linux Fedora Samba +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
83.5%
Threat
5.0
CVE-2013-2174 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE Curl Libcurl +3
NVD GitHub
CVSS 2.0
6.8
EPSS
3.2%
CVE-2013-4854 HIGH POC THREAT Act Now

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.

Denial Of Service Bind Suse Linux Enterprise Software Development Kit Suse Linux Dnsco Bind +8
NVD
CVSS 2.0
7.8
EPSS
51.1%
Threat
4.6
CVE-2013-2188 MEDIUM This Month

A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain. Rated medium severity (CVSS 4.7). No vendor patch available.

Red Hat Privilege Escalation Denial Of Service Enterprise Linux
NVD
CVSS 2.0
4.7
EPSS
0.0%
CVE-2013-1943 HIGH PATCH This Week

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Enterprise Linux Enterprise Linux Eus +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2013-1935 MEDIUM This Month

A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest. Rated medium severity (CVSS 5.7). No vendor patch available.

Red Hat Denial Of Service Race Condition Enterprise Linux
NVD
CVSS 2.0
5.7
EPSS
0.1%
CVE-2013-2051 LOW Monitor

The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Tomcat Enterprise Linux
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2013-1976 MEDIUM This Month

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow. Rated medium severity (CVSS 6.9). No vendor patch available.

Tomcat Red Hat Information Disclosure Jboss Enterprise Web Server Enterprise Linux
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-2224 MEDIUM This Month

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Red Hat Denial Of Service Linux Enterprise Linux
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2013-2164 LOW POC PATCH Monitor

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel Enterprise Linux Enterprise Mrg
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-6137 MEDIUM This Month

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus +6
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-3301 HIGH POC PATCH This Week

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Linux Enterprise Mrg +3
NVD Exploit-DB GitHub
CVSS 2.0
7.2
EPSS
0.5%
CVE-2013-2015 MEDIUM PATCH This Month

The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Enterprise Linux Enterprise Mrg
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-1928 MEDIUM This Month

The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-4546 MEDIUM This Month

The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-1861 MEDIUM POC THREAT This Month

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Buffer Overflow Denial Of Service Oracle MariaDB MySQL +7
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
20.8%
CVE-2013-1857 Ruby MEDIUM PATCH This Month

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Enterprise Linux Rails Ruby On Rails
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-1855 Ruby MEDIUM PATCH This Month

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rails Ruby On Rails Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-1854 Ruby MEDIUM PATCH This Month

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Rails Ruby On Rails Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2012-6548 LOW PATCH Monitor

The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%
CVE-2012-6546 LOW PATCH Monitor

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.0%
CVE-2012-6545 LOW PATCH Monitor

The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Enterprise Linux Linux Kernel
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6544 LOW PATCH Monitor

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6542 LOW PATCH Monitor

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6538 LOW PATCH Monitor

The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-6537 LOW PATCH Monitor

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-0200 LOW PATCH Monitor

HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3). Rated low severity (CVSS 1.9).

Information Disclosure HP Linux Imaging And Printing Project Enterprise Linux
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2012-1568 LOW Monitor

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a. Rated low severity (CVSS 1.9). No vendor patch available.

Red Hat Linux Authentication Bypass Fedora Enterprise Linux
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2013-1774 MEDIUM This Month

The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted. Rated medium severity (CVSS 4.0). No vendor patch available.

Privilege Escalation Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD GitHub
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-1773 MEDIUM POC This Month

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD Exploit-DB GitHub
CVSS 2.0
6.2
EPSS
0.3%
CVE-2012-2697 MEDIUM This Month

Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-0219 LOW Monitor

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a. Rated low severity (CVSS 3.7). No vendor patch available.

Privilege Escalation Sssd Enterprise Linux
NVD
CVSS 2.0
3.7
EPSS
0.1%
CVE-2013-0311 MEDIUM PATCH This Month

The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by. Rated medium severity (CVSS 6.5).

Linux Information Disclosure Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
6.5
EPSS
0.3%
CVE-2013-0310 MEDIUM This Month

The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have. Rated medium severity (CVSS 6.6). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
6.6
EPSS
0.1%
CVE-2013-0309 MEDIUM This Month

arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-5536 MEDIUM POC This Month

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase,. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Red Hat Information Disclosure SSH Fedora Release Rawhide Enterprise Linux
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-1591 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Integer Overflow Enterprise Virtualization Enterprise Linux +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2012-2124 MEDIUM This Month

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Denial Of Service Squirrelmail Enterprise Linux
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-0383 MEDIUM This Month

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Ubuntu Linux +4
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-3177 MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2012-3166 MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL MariaDB Ubuntu Linux +6
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2012-4291 LOW Monitor

The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse Enterprise Linux Sunos
NVD
CVSS 2.0
3.3
EPSS
1.0%
CVE-2012-4290 LOW Monitor

The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse Enterprise Linux Sunos
NVD
CVSS 2.0
3.3
EPSS
1.0%
CVE-2012-4289 LOW PATCH Monitor

epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Wireshark Opensuse Enterprise Linux Sunos
NVD
CVSS 2.0
3.3
EPSS
0.8%
CVE-2012-4285 LOW POC PATCH Monitor

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensuse Enterprise Linux Sunos Wireshark
NVD
CVSS 2.0
3.3
EPSS
1.4%
CVE-2012-3440 MEDIUM POC This Month

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Red Hat Information Disclosure Sudo Enterprise Linux
NVD
CVSS 2.0
5.6
EPSS
0.1%
CVE-2012-2665 HIGH This Week

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption RCE Openoffice +10
NVD
CVSS 2.0
7.5
EPSS
5.0%
CVE-2012-0867 MEDIUM This Month

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure PostgreSQL Opensuse Debian Linux Desktop Workstation +7
NVD
CVSS 2.0
4.3
EPSS
1.9%
CVE-2012-1149 HIGH PATCH This Week

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service RCE Libreoffice Debian Linux +8
NVD
CVSS 2.0
7.5
EPSS
1.2%
CVE-2012-2313 LOW POC PATCH Monitor

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet. Rated low severity (CVSS 1.2). Public exploit code available.

Privilege Escalation Linux D-Link Linux Kernel Suse Linux Enterprise Server +6
NVD GitHub
CVSS 2.0
1.2
EPSS
0.2%
CVE-2012-1097 HIGH PATCH This Week

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Enterprise Linux +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2012-0067 MEDIUM POC PATCH THREAT This Month

wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.1%.

Denial Of Service Wireshark Enterprise Linux
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.1%
CVE-2012-0066 MEDIUM POC PATCH This Month

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Wireshark Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2012-0042 LOW POC PATCH Monitor

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and. Rated low severity (CVSS 2.9). Public exploit code available.

Denial Of Service Wireshark Enterprise Linux
NVD
CVSS 2.0
2.9
EPSS
0.4%
CVE-2012-0041 MEDIUM POC PATCH This Month

The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Wireshark Enterprise Linux
NVD
CVSS 2.0
4.3
EPSS
2.3%
CVE-2024-45615 LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Information Disclosure Enterprise Linux Opensc
NVD VulDB
CVSS 3.1
3.9
EPSS
0.1%
CVE-2024-45616 LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Information Disclosure Enterprise Linux Opensc
NVD VulDB
CVSS 3.1
3.9
EPSS
0.1%
CVE-2024-45617 LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Information Disclosure Enterprise Linux Opensc
NVD VulDB
CVSS 3.1
3.9
EPSS
0.1%
CVE-2024-45618 LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Information Disclosure Enterprise Linux Opensc
NVD VulDB
CVSS 3.1
3.9
EPSS
0.1%
CVE-2026-4408 CRITICAL Act Now

Command injection in Samba (CWE-78) carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is fixed in Alpine Linux package samba 4.23.8-r0, with Red Hat shipping errata RHSA-2026:22644, 22963, 25049, and 25979 for Enterprise Linux 6/7/9 and OpenShift Container Platform 4.0. The flaw allows remote attackers to inject operating-system commands against vulnerable Samba deployments, yielding full confidentiality, integrity, and availability impact. EPSS is modest at 0.23% (46th percentile) and no public exploit identified at time of analysis, but the unauthenticated network attack surface of Samba makes urgent patching warranted.

Command Injection Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-45619 MEDIUM This Month

Alpine Linux: opensc fixed in 0.26.0-r0

Buffer Overflow Enterprise Linux Opensc
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-9675 Go MEDIUM PATCH This Month

Alpine Linux: buildah fixed in 1.37.5-r0

Path Traversal Buildah Openshift Container Platform Enterprise Linux Enterprise Linux Eus +10
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-8443 LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Buffer Overflow Heap Overflow Opensc Enterprise Linux
NVD
CVSS 3.1
2.9
EPSS
0.2%
CVE-2024-45620 LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Buffer Overflow Enterprise Linux Opensc
NVD
CVSS 3.1
3.9
EPSS
0.1%
EPSS 0% CVSS 7.2
HIGH This Week

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Microsoft +4
NVD
EPSS 3% CVSS 4.0
MEDIUM PATCH This Month

The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Libvirt +2
NVD
EPSS 0% CVSS 1.2
LOW PATCH Monitor

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name. Rated low severity (CVSS 1.2).

Information Disclosure Suds Opensuse +1
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

PHP XXE Enterprise Linux +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Intel Denial Of Service +5
NVD
EPSS 10% CVSS 4.3
MEDIUM This Month

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP OpenSSL Information Disclosure +2
NVD
EPSS 84% 5.0 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

Denial Of Service Ubuntu Linux Enterprise Linux +3
NVD Exploit-DB
EPSS 3% CVSS 6.8
MEDIUM POC PATCH This Month

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE +5
NVD GitHub
EPSS 51% 4.6 CVSS 7.8
HIGH POC THREAT Act Now

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.

Denial Of Service Bind Suse Linux Enterprise Software Development Kit +10
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain. Rated medium severity (CVSS 4.7). No vendor patch available.

Red Hat Privilege Escalation Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest. Rated medium severity (CVSS 5.7). No vendor patch available.

Red Hat Denial Of Service Race Condition +1
NVD
EPSS 0% CVSS 2.6
LOW Monitor

The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Tomcat +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow. Rated medium severity (CVSS 6.9). No vendor patch available.

Tomcat Red Hat Information Disclosure +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain. Rated medium severity (CVSS 6.9). No vendor patch available.

Red Hat Denial Of Service Linux +1
NVD
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Enterprise Linux +8
NVD
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +5
NVD Exploit-DB GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Enterprise Linux
NVD
EPSS 21% CVSS 5.0
MEDIUM POC THREAT This Month

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Buffer Overflow Denial Of Service Oracle +9
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Enterprise Linux Rails +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rails Ruby On Rails +1
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Rails Ruby On Rails +1
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Enterprise Linux +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN. Rated low severity (CVSS 1.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3). Rated low severity (CVSS 1.9).

Information Disclosure HP Linux Imaging And Printing Project +1
NVD
EPSS 0% CVSS 1.9
LOW Monitor

The ExecShield feature in a certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 5 and 6 and Fedora 15 and 16 does not properly handle use of many shared libraries by a. Rated low severity (CVSS 1.9). No vendor patch available.

Red Hat Linux Authentication Bypass +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted. Rated medium severity (CVSS 4.0). No vendor patch available.

Privilege Escalation Denial Of Service Linux +3
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Linux +3
NVD Exploit-DB GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Linux
NVD
EPSS 0% CVSS 3.7
LOW Monitor

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a. Rated low severity (CVSS 3.7). No vendor patch available.

Privilege Escalation Sssd Enterprise Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by. Rated medium severity (CVSS 6.5).

Linux Information Disclosure Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have. Rated medium severity (CVSS 6.6). No vendor patch available.

Buffer Overflow Denial Of Service Linux +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Denial Of Service Linux +2
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM POC This Month

A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase,. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Red Hat Information Disclosure SSH +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Integer Overflow +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Red Hat Denial Of Service +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL +6
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +8
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +8
NVD
EPSS 1% CVSS 3.3
LOW Monitor

The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse +2
NVD
EPSS 1% CVSS 3.3
LOW Monitor

The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse +2
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Wireshark Opensuse +2
NVD
EPSS 1% CVSS 3.3
LOW POC PATCH Monitor

The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensuse Enterprise Linux +2
NVD
EPSS 0% CVSS 5.6
MEDIUM POC This Month

A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Red Hat Information Disclosure Sudo +1
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +12
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure PostgreSQL Opensuse +9
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service RCE +10
NVD
EPSS 0% CVSS 1.2
LOW POC PATCH Monitor

The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet. Rated low severity (CVSS 1.2). Public exploit code available.

Privilege Escalation Linux D-Link +8
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference +6
NVD GitHub
EPSS 11% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.1%.

Denial Of Service Wireshark Enterprise Linux
NVD Exploit-DB
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Wireshark Enterprise Linux
NVD
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and. Rated low severity (CVSS 2.9). Public exploit code available.

Denial Of Service Wireshark Enterprise Linux
NVD
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Wireshark Enterprise Linux
NVD
EPSS 0% CVSS 3.9
LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Information Disclosure Enterprise Linux Opensc
NVD VulDB
EPSS 0% CVSS 3.9
LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Information Disclosure Enterprise Linux Opensc
NVD VulDB
EPSS 0% CVSS 3.9
LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Information Disclosure Enterprise Linux Opensc
NVD VulDB
EPSS 0% CVSS 3.9
LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Information Disclosure Enterprise Linux Opensc
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Samba (CWE-78) carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is fixed in Alpine Linux package samba 4.23.8-r0, with Red Hat shipping errata RHSA-2026:22644, 22963, 25049, and 25979 for Enterprise Linux 6/7/9 and OpenShift Container Platform 4.0. The flaw allows remote attackers to inject operating-system commands against vulnerable Samba deployments, yielding full confidentiality, integrity, and availability impact. EPSS is modest at 0.23% (46th percentile) and no public exploit identified at time of analysis, but the unauthenticated network attack surface of Samba makes urgent patching warranted.

Command Injection Openshift Container Platform Samba +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Alpine Linux: opensc fixed in 0.26.0-r0

Buffer Overflow Enterprise Linux Opensc
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Alpine Linux: buildah fixed in 1.37.5-r0

Path Traversal Buildah Openshift Container Platform +12
NVD
EPSS 0% CVSS 2.9
LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Buffer Overflow Heap Overflow Opensc +1
NVD
EPSS 0% CVSS 3.9
LOW Monitor

Alpine Linux: opensc fixed in 0.26.0-r0

Buffer Overflow Enterprise Linux Opensc
NVD
Prev Page 13 of 13

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy