Skip to main content

Enterprise Linux

1150 CVEs product

Monthly

CVE-2019-2698 HIGH POC PATCH THREAT This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Oracle Jdk Jre +13
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
12.0%
CVE-2019-2697 HIGH POC PATCH THREAT This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Oracle Jdk Jre +8
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
11.5%
CVE-2019-2695 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-2694 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-2693 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2019-2691 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2689 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2688 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2687 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2686 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2685 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2684 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +15
NVD
CVSS 3.1
5.9
EPSS
37.6%
CVE-2019-2683 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2681 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2644 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2019-2636 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.4
EPSS
1.8%
CVE-2019-2635 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2634 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
5.1
EPSS
0.4%
CVE-2019-2631 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2019-2630 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.4
EPSS
1.8%
CVE-2019-2628 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux MariaDB +5
NVD
CVSS 3.1
4.9
EPSS
2.9%
CVE-2019-2626 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2019-2625 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2019-2624 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2019-2623 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Software Collections Enterprise Linux +3
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2019-2620 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2617 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.4
EPSS
1.9%
CVE-2019-2607 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2606 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2602 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Oracle Jdk Jre +14
NVD
CVSS 3.1
7.5
EPSS
7.4%
CVE-2019-2596 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2593 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2592 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Fedora +5
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2019-2589 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2587 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2585 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2584 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-2581 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Fedora +5
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2019-2580 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Software Collections +4
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2019-11459 MEDIUM PATCH This Month

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Evince Ubuntu Linux Fedora Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-3902 PyPI MEDIUM PATCH This Month

A flaw was found in Mercurial before 4.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Mercurial Debian Linux Enterprise Linux
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2019-11235 CRITICAL PATCH Act Now

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Fedora Enterprise Linux Enterprise Linux Eus +6
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-11234 CRITICAL Act Now

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius Fedora Enterprise Linux Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
7.6%
CVE-2019-10245 HIGH PATCH This Week

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Openj9 Satellite Enterprise Linux +3
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-3883 HIGH This Week

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2019-3460 MEDIUM POC PATCH This Month

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +13
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-3459 MEDIUM POC PATCH This Month

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +14
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-3837 MEDIUM PATCH This Month

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Buffer Overflow Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2019-3842 HIGH POC This Week

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Systemd Enterprise Linux Fedora Debian Linux
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
1.2%
CVE-2019-3887 MEDIUM PATCH This Month

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. Rated medium severity (CVSS 5.6). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Linux Kernel Fedora Ubuntu Linux Enterprise Linux +7
NVD
CVSS 3.1
5.6
EPSS
0.4%
CVE-2019-3880 MEDIUM PATCH This Month

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Samba Debian Linux Gluster Storage +3
NVD
CVSS 3.1
5.4
EPSS
3.4%
CVE-2019-0757 MEDIUM PATCH This Month

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Visual Studio 2017 Nuget Mono Framework Net Core Sdk +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-0211 HIGH POC KEV PATCH THREAT This Week

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Use After Free Apache Memory Corruption Http Server +25
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
65.0%
CVE-2019-0217 HIGH PATCH This Week

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Authentication Bypass Race Condition Apache Http Server Debian Linux +11
NVD
CVSS 3.1
7.5
EPSS
17.7%
CVE-2019-0160 CRITICAL Act Now

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Denial Of Service Edk Ii Leap +6
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-3877 MEDIUM PATCH This Month

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Mod Auth Mellon Fedora Enterprise Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
2.1%
CVE-2019-3878 HIGH POC PATCH This Week

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Apache Mod Auth Mellon Fedora Enterprise Linux +7
NVD GitHub
CVSS 3.0
8.1
EPSS
3.0%
CVE-2019-3874 MEDIUM PATCH This Month

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Kernel Debian Linux Enterprise Linux Ubuntu Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-3857 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Debian Linux Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2019-3856 HIGH PATCH This Week

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Debian Linux Ontap Select Deploy Administration Utility +10
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2019-3838 MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2019-3855 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Fedora Debian Linux +11
NVD
CVSS 3.1
8.8
EPSS
9.2%
CVE-2019-9903 MEDIUM POC This Month

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Poppler Fedora Debian Linux +5
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-7222 MEDIUM POC PATCH This Month

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Fedora Leap +15
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2019-7221 HIGH POC PATCH This Week

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +14
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2019-6454 MEDIUM POC PATCH This Month

An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption Systemd Leap +20
NVD GitHub
CVSS 3.1
5.5
EPSS
2.0%
CVE-2019-3816 HIGH This Week

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Openwsman Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus +7
NVD
CVSS 3.1
7.5
EPSS
14.7%
CVE-2019-9741 MEDIUM POC This Month

An issue was discovered in net/http in Go 1.11.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis Code Injection Go Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2019-9636 CRITICAL PATCH Act Now

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Leap Debian Linux +12
NVD GitHub
CVSS 3.1
9.8
EPSS
9.1%
CVE-2019-9213 MEDIUM POC PATCH This Month

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +3
NVD GitHub Exploit-DB
CVSS 3.1
5.5
EPSS
5.7%
CVE-2019-7164 PyPI CRITICAL POC PATCH Act Now

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux Backports Sle Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-8912 HIGH PATCH This Week

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-6974 HIGH POC PATCH THREAT This Week

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Debian Linux +22
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
16.5%
CVE-2019-7665 MEDIUM POC This Month

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Elfutils Debian Linux +9
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-7664 MEDIUM POC This Month

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Elfutils Enterprise Linux +6
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-7548 PyPI HIGH POC PATCH This Week

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux Backports Sle Leap +5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-3825 MEDIUM POC This Month

A vulnerability was discovered in gdm before 3.31.4. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Gnome Display Manager Ubuntu Linux Enterprise Linux
NVD
CVSS 3.0
6.4
EPSS
0.5%
CVE-2019-3822 CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl Ubuntu Linux Debian Linux +13
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-7317 MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Libpng Debian Linux +30
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2019-7310 HIGH POC This Week

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Poppler Ubuntu Linux +9
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2019-6111 MEDIUM POC PATCH THREAT This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH Path Traversal Openssh Winscp Ubuntu Linux +16
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
58.2%
CVE-2019-6109 MEDIUM PATCH This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh Winscp Ubuntu Linux +17
NVD VulDB
CVSS 3.1
6.8
EPSS
9.7%
CVE-2019-7150 MEDIUM POC PATCH This Month

An issue was discovered in elfutils 0.175. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Elfutils Debian Linux Ubuntu Linux +8
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-2539 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Unified Manager Oncommand Workflow Automation +7
NVD
CVSS 3.1
4.9
EPSS
2.7%
CVE-2019-2537 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Debian Linux +9
NVD
CVSS 3.1
4.9
EPSS
4.5%
CVE-2019-2536 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Rated medium severity (CVSS 5.0).

Denial Of Service Oracle MySQL Oncommand Unified Manager Oncommand Workflow Automation +7
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2019-2535 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated medium severity (CVSS 4.1).

Denial Of Service Oracle MySQL Oncommand Unified Manager Oncommand Workflow Automation +7
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2019-2534 HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle MySQL Ubuntu Linux Oncommand Unified Manager +8
NVD
CVSS 3.1
7.1
EPSS
2.0%
CVE-2019-2533 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle MySQL Oncommand Unified Manager Oncommand Workflow Automation +7
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-2532 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Unified Manager Oncommand Workflow Automation +8
NVD
CVSS 3.1
4.9
EPSS
3.1%
EPSS 12% CVSS 8.1
HIGH POC PATCH THREAT This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Oracle +15
NVD Exploit-DB
EPSS 11% CVSS 8.1
HIGH POC PATCH THREAT This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Information Disclosure Oracle +10
NVD Exploit-DB
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 38% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +17
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +7
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Java Denial Of Service Oracle +16
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +7
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +7
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Evince Ubuntu Linux +7
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

A flaw was found in Mercurial before 4.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Mercurial Debian Linux +1
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Freeradius Fedora +8
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Freeradius Fedora +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Openj9 +5
NVD
EPSS 8% CVSS 7.5
HIGH This Week

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +15
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure +16
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Buffer Overflow Linux Kernel +1
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Authentication Bypass Systemd Enterprise Linux +2
NVD Exploit-DB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. Rated medium severity (CVSS 5.6). This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Linux Kernel Fedora +9
NVD
EPSS 3% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Samba +5
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Visual Studio 2017 Nuget +6
NVD
EPSS 65% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Use After Free Apache +27
NVD Exploit-DB
EPSS 18% CVSS 7.5
HIGH PATCH This Week

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Authentication Bypass Race Condition Apache +13
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Denial Of Service +8
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Mod Auth Mellon Fedora +2
NVD GitHub
EPSS 3% CVSS 8.1
HIGH POC PATCH This Week

A vulnerability was found in mod_auth_mellon before v0.14.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Apache Mod Auth Mellon +9
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Kernel Debian Linux +7
NVD
EPSS 6% CVSS 8.8
HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 +12
NVD
EPSS 6% CVSS 8.8
HIGH PATCH This Week

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 +12
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ghostscript Ansible Tower +10
NVD
EPSS 9% CVSS 8.8
HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 +13
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Poppler +7
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +17
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +16
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in sd-bus in systemd 239. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Memory Corruption +22
NVD GitHub
EPSS 15% CVSS 7.5
HIGH This Week

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Openwsman Enterprise Linux +9
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in net/http in Go 1.11.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis Code Injection Go +4
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL PATCH Act Now

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora +14
NVD GitHub
EPSS 6% CVSS 5.5
MEDIUM POC PATCH This Month

In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +5
NVD GitHub Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux +7
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +5
NVD
EPSS 17% CVSS 8.1
HIGH POC PATCH THREAT This Week

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Linux Information Disclosure +24
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +11
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +8
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux +7
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM POC This Month

A vulnerability was discovered in gdm before 3.31.4. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Gnome Display Manager Ubuntu Linux +1
NVD
EPSS 13% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl +15
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +32
NVD GitHub VulDB
EPSS 2% CVSS 7.8
HIGH POC This Week

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +11
NVD
EPSS 58% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH Path Traversal Openssh +18
NVD Exploit-DB
EPSS 10% CVSS 6.8
MEDIUM PATCH This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh +19
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in elfutils 0.175. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Elfutils +10
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +9
NVD
EPSS 4% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +11
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Rated medium severity (CVSS 5.0).

Denial Of Service Oracle MySQL +9
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated medium severity (CVSS 4.1).

Denial Of Service Oracle MySQL +9
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle MySQL +10
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle MySQL +9
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
Prev Page 9 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy