Skip to main content

Enterprise Linux

1150 CVEs product

Monthly

CVE-2021-3482 MEDIUM PATCH This Month

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Exiv2 Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-3448 MEDIUM POC PATCH This Month

A flaw was found in dnsmasq in versions before 2.85. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Dnsmasq Enterprise Linux Fedora Communications Cloud Native Core Network Function Cloud Native Environment
NVD
CVSS 3.1
4.0
EPSS
2.0%
CVE-2021-20305 HIGH PATCH This Week

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Nettle Fedora Enterprise Linux Active Iq Unified Manager +2
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2021-20291 Go MEDIUM POC PATCH This Month

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Storage Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-3393 MEDIUM This Month

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Software Collections Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-20271 HIGH PATCH This Week

A flaw was found in RPM's signature check functionality when reading a package file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Rpm Enterprise Linux Fedora Starwind Virtual San
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2021-20197 MEDIUM PATCH This Month

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. Rated medium severity (CVSS 6.3).

Information Disclosure Binutils Enterprise Linux Cloud Backup Ontap Select Deploy Administration Utility +2
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-3466 CRITICAL PATCH Act Now

A flaw was found in libmicrohttpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libmicrohttpd Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2021-3446 MEDIUM PATCH This Month

A flaw was found in libtpms in versions before 0.8.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

OpenSSL Information Disclosure Libtpms Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-3443 MEDIUM POC This Month

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jasper Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-3409 MEDIUM PATCH This Month

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service Qemu Enterprise Linux +2
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-20270 PyPI HIGH PATCH This Week

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pygments Openshift Container Platform Openstack Platform Software Collections +3
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-3416 MEDIUM PATCH This Month

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-20286 LOW PATCH Monitor

A flaw was found in libnbd 1.7.3. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libnbd Enterprise Linux
NVD
CVSS 3.1
2.7
EPSS
1.1%
CVE-2021-20179 HIGH PATCH This Week

A flaw was found in pki-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Dogtagpki Certificate System Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-20232 CRITICAL PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Gnutls +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-20231 CRITICAL POC PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption Denial Of Service Gnutls +4
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2021-20261 MEDIUM PATCH This Month

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. Rated medium severity (CVSS 6.4).

Information Disclosure Race Condition Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2021-3411 MEDIUM POC This Month

A flaw was found in the Linux kernel in versions prior to 5.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux RCE Code Injection Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-20246 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20245 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20244 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-3404 HIGH POC This Week

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ytnef Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-3403 HIGH POC This Week

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Ytnef Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-20233 HIGH PATCH This Week

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Grub2 Enterprise Linux Enterprise Linux Server Aus +5
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2021-20225 MEDIUM This Month

A flaw was found in grub2 in versions prior to 2.06. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Grub2 Enterprise Linux Enterprise Linux Server Aus +5
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2021-20194 HIGH PATCH This Week

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-20229 MEDIUM This Month

A flaw was found in PostgreSQL in versions before 13.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-20188 Go HIGH PATCH This Week

A flaw was found in podman before 1.7.0. Rated high severity (CVSS 7.0). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Podman Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-27846 Go CRITICAL POC PATCH Act Now

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Grafana Saml Openshift Container Platform Openshift Service Mesh +2
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-27777 MEDIUM POC PATCH This Month

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Kernel Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-25712 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Heap Overflow X Server Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-27825 MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2020-27786 HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Privilege Escalation Linux Memory Corruption Use After Free +6
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-25692 HIGH PATCH This Week

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Openldap Enterprise Linux Cloud Backup +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-29573 HIGH PATCH This Week

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Canonical Glibc Enterprise Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-27773 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/gem-private.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-27772 LOW POC Monitor

A flaw was found in ImageMagick in coders/bmp.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27776 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2020-27775 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27774 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27771 LOW POC Monitor

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Integer Overflow Imagemagick Enterprise Linux +1
NVD
CVSS 3.1
3.3
EPSS
1.2%
CVE-2020-27767 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.1%
CVE-2020-27765 LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/segment.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
1.0%
CVE-2020-27783 PyPI MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml Software Collections Enterprise Linux +5
NVD
CVSS 3.1
6.1
EPSS
3.9%
CVE-2020-27778 HIGH POC This Week

A flaw was found in Poppler in the way certain PDF files were converted into HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Poppler Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-14351 HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-14339 HIGH PATCH This Week

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Libvirt Enterprise Linux
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-14318 MEDIUM PATCH This Month

A flaw was found in the way samba handled file and directory permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Storage Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-25656 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 4.1). Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2020-14383 MEDIUM PATCH This Month

A flaw was found in samba's DNS server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Samba Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-25708 HIGH POC This Week

A divide by zero issue was found to occur in libvncserver-0.9.12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libvncserver Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-10763 Go MEDIUM PATCH This Month

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Heketi Gluster Storage Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25705 HIGH This Week

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Linux Authentication Bypass Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.4
EPSS
6.7%
CVE-2020-25662 MEDIUM This Month

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-25661 HIGH This Week

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Memory Corruption RCE Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-25648 HIGH PATCH This Week

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Network Security Services Enterprise Linux Fedora Communications Offline Mediation Controller +2
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-14355 MEDIUM PATCH This Month

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Spice Openstack Ubuntu Linux +7
NVD
CVSS 3.1
6.6
EPSS
2.7%
CVE-2020-25743 LOW PATCH Monitor

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu Openstack Platform Enterprise Linux
NVD
CVSS 3.1
3.2
EPSS
0.5%
CVE-2020-25643 HIGH PATCH This Week

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Linux Linux Kernel Enterprise Linux +4
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2020-25641 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Enterprise Linux Leap +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-14370 Go MEDIUM PATCH This Month

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Docker Information Disclosure Podman Openshift Container Platform Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-14382 HIGH PATCH This Week

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Cryptsetup Enterprise Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-14362 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14361 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14346 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server Ubuntu Linux Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14331 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2020-10759 MEDIUM POC This Month

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Red Hat Enterprise Linux
NVD GitHub
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-0570 HIGH POC PATCH This Week

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Qt Enterprise Linux
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2020-1045 NuGet HIGH PATCH This Week

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Asp Net Core Fedora Enterprise Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2020-1749 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Enterprise Linux Enterprise Mrg
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-14373 MEDIUM POC PATCH This Month

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Ghostscript Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-14364 MEDIUM PATCH This Month

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).

Buffer Overflow RCE Denial Of Service Information Disclosure Qemu +6
NVD
CVSS 3.1
5.0
EPSS
5.4%
CVE-2020-14356 HIGH POC PATCH This Week

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Enterprise Linux +8
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-9490 HIGH PATCH This Week

Apache HTTP Server versions 2.4.20 to 2.4.43. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Apache Request Smuggling Denial Of Service Http Server Communications Element Manager +23
NVD
CVSS 3.1
7.5
EPSS
89.7%
CVE-2020-14311 MEDIUM This Month

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 Enterprise Linux Enterprise Linux Eus +4
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-14310 MEDIUM This Month

There is an issue on grub2 before version 2.06 at function read_section_as_string(). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 Enterprise Linux Enterprise Linux Eus +4
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-15707 MEDIUM POC PATCH This Month

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.

Ubuntu Buffer Overflow Race Condition Debian RCE +16
NVD
CVSS 3.1
6.4
EPSS
1.6%
CVE-2020-15706 MEDIUM PATCH This Month

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).

Race Condition RCE Grub2 Enterprise Linux Atomic Host Openshift Container Platform +11
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2020-15705 MEDIUM PATCH This Month

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. Rated medium severity (CVSS 6.4).

Jwt Attack Authentication Bypass Grub2 Enterprise Linux Atomic Host Openshift Container Platform +11
NVD
CVSS 3.1
6.4
EPSS
1.4%
CVE-2020-15719 MEDIUM PATCH This Month

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Openldap Enterprise Linux Leap +2
NVD
CVSS 3.1
4.2
EPSS
2.4%
CVE-2020-10756 MEDIUM PATCH This Month

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Libslirp Openstack Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-10769 MEDIUM POC This Month

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Enterprise Linux Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-10761 MEDIUM PATCH This Month

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux Leap Ubuntu Linux
NVD
CVSS 3.1
5.0
EPSS
1.8%
CVE-2020-10757 HIGH POC PATCH This Week

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel Leap Enterprise Linux +7
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-10749 Go MEDIUM PATCH This Month

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Information Disclosure Cni Network Plugins Openshift Container Platform Fedora +1
NVD
CVSS 3.1
6.0
EPSS
2.4%
CVE-2020-10711 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Linux Null Pointer Dereference Denial Of Service Linux Kernel 3Scale +9
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2020-12826 MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Ubuntu Linux +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-10690 MEDIUM PATCH This Month

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. Rated medium severity (CVSS 6.4). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Linux Kernel Enterprise Linux +20
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-12458 Go MEDIUM POC PATCH This Month

An information-disclosure flaw was found in Grafana through 6.7.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure Ceph Storage Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Exiv2 Enterprise Linux +2
NVD
EPSS 2% CVSS 4.0
MEDIUM POC PATCH This Month

A flaw was found in dnsmasq in versions before 2.85. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Dnsmasq Enterprise Linux +2
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Nettle Fedora +4
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Storage Openshift Container Platform +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Software Collections +1
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A flaw was found in RPM's signature check functionality when reading a package file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Information Disclosure Rpm Enterprise Linux +2
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. Rated medium severity (CVSS 6.3).

Information Disclosure Binutils Enterprise Linux +4
NVD
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in libmicrohttpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libmicrohttpd Enterprise Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in libtpms in versions before 0.8.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

OpenSSL Information Disclosure Libtpms +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jasper +2
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Denial Of Service +4
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pygments Openshift Container Platform +5
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Fedora +2
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

A flaw was found in libnbd 1.7.3. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libnbd Enterprise Linux
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A flaw was found in pki-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Dogtagpki Certificate System +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption +4
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

A flaw was found in gnutls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Buffer Overflow Memory Corruption +6
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. Rated medium severity (CVSS 6.4).

Information Disclosure Race Condition Linux Kernel +1
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

A flaw was found in the Linux kernel in versions prior to 5.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux RCE Code Injection +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ytnef +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +3
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Grub2 +7
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A flaw was found in grub2 in versions prior to 2.06. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Grub2 +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y ,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A flaw was found in PostgreSQL in versions before 13.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Software Collections +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A flaw was found in podman before 1.7.0. Rated high severity (CVSS 7.0). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Podman Openshift Container Platform +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Grafana Saml +4
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM POC PATCH This Month

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Kernel Openshift Container Platform +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Heap Overflow +2
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Privilege Escalation Linux +8
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Openldap +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Canonical +4
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/gem-private.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in coders/bmp.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +2
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +2
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/statistic.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +2
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Integer Overflow +3
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/quantum.h. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Imagemagick +2
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

A flaw was found in ImageMagick in MagickCore/segment.c. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Enterprise Linux +1
NVD
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml +7
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A flaw was found in Poppler in the way certain PDF files were converted into HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Poppler +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +4
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Libvirt Enterprise Linux
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

A flaw was found in the way samba handled file and directory permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Storage +1
NVD
EPSS 0% CVSS 4.1
MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 4.1). Public exploit code available.

Use After Free Linux Memory Corruption +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in samba's DNS server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Samba Enterprise Linux
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A divide by zero issue was found to occur in libvncserver-0.9.12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libvncserver Enterprise Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Heketi Gluster Storage +2
NVD GitHub
EPSS 7% CVSS 7.4
HIGH This Week

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Siemens Linux Authentication Bypass +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth stack implementation handled the initialization of stack memory when handling certain AMP packets. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth implementation handled L2CAP packets with A2MP CID. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Memory Corruption +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Network Security Services Enterprise Linux +4
NVD
EPSS 3% CVSS 6.6
MEDIUM PATCH This Month

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Spice +9
NVD
EPSS 0% CVSS 3.2
LOW PATCH Monitor

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Qemu +2
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +4
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Docker Information Disclosure Podman +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Cryptsetup +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server +2
NVD
EPSS 1% CVSS 6.6
MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption +2
NVD
EPSS 0% CVSS 6.0
MEDIUM POC This Month

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Authentication Bypass Red Hat +1
NVD GitHub
EPSS 1% CVSS 7.3
HIGH POC PATCH This Week

Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Qt Enterprise Linux
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Asp Net Core +5
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).

Buffer Overflow RCE Denial Of Service +8
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service +10
NVD
EPSS 90% CVSS 7.5
HIGH PATCH This Week

Apache HTTP Server versions 2.4.20 to 2.4.43. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Apache Request Smuggling Denial Of Service +25
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 +6
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

There is an issue on grub2 before version 2.06 at function read_section_as_string(). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 +6
NVD
EPSS 2% CVSS 6.4
MEDIUM POC PATCH This Month

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.

Ubuntu Buffer Overflow Race Condition +18
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).

Race Condition RCE Grub2 +13
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. Rated medium severity (CVSS 6.4).

Jwt Attack Authentication Bypass Grub2 +13
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Red Hat Openldap +4
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Libslirp +5
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel +9
NVD
EPSS 2% CVSS 6.0
MEDIUM PATCH This Month

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Information Disclosure Cni Network Plugins +3
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Linux Null Pointer Dereference Denial Of Service +11
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +4
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. Rated medium severity (CVSS 6.4). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +22
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An information-disclosure flaw was found in Grafana through 6.7.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure Ceph Storage +2
NVD GitHub
Prev Page 6 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy