Skip to main content

Enterprise Mrg

51 CVEs product

Monthly

CVE-2020-27825 MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2020-27786 HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Privilege Escalation Linux Memory Corruption Use After Free +6
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-1749 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Enterprise Linux Enterprise Mrg
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-10757 HIGH POC PATCH This Week

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel Leap Enterprise Linux +7
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-12826 MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Ubuntu Linux +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2019-11478 HIGH PATCH This Week

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +21
NVD GitHub
CVSS 3.0
7.5
EPSS
94.7%
CVE-2019-11477 HIGH PATCH This Week

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Linux Linux Kernel Big Ip Advanced Firewall Manager +22
NVD GitHub
CVSS 3.1
7.5
EPSS
98.7%
CVE-2019-3459 MEDIUM POC PATCH This Month

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +14
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-16884 HIGH PATCH This Week

A flaw was found in the Linux kernel's NFS41+ subsystem. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Use After Free Privilege Escalation Linux Memory Corruption +5
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2014-3706 MEDIUM This Month

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2015-7837 MEDIUM This Month

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat Enterprise Linux Enterprise Linux Desktop +4
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-7553 MEDIUM This Month

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Linux Red Hat Enterprise Linux +2
NVD
CVSS 3.0
4.7
EPSS
0.0%
CVE-2016-3699 HIGH POC PATCH This Week

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Red Hat Privilege Escalation Linux Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 3.0
7.4
EPSS
0.0%
CVE-2016-4470 MEDIUM PATCH This Month

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Vm Server Linux Kernel Suse Linux Enterprise Real Time Extension +10
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-1350 MEDIUM POC PATCH This Month

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Denial Of Service Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2015-2922 LOW POC Monitor

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Linux Kernel Fedora Solaris +2
NVD GitHub
CVSS 2.0
3.3
EPSS
1.7%
CVE-2014-3687 HIGH POC PATCH This Week

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Mrg Ubuntu Linux +7
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2014-3673 HIGH POC PATCH This Week

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Linux Enterprise Mrg +6
NVD GitHub
CVSS 3.1
7.5
EPSS
9.1%
CVE-2012-2682 MEDIUM This Month

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Mrg
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-0174 MEDIUM This Month

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-3940 MEDIUM This Month

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing. Rated medium severity (CVSS 4.0). No vendor patch available.

Denial Of Service Race Condition Linux Buffer Overflow Enterprise Linux +2
NVD
CVSS 2.0
4.0
EPSS
0.0%
CVE-2014-3917 LOW Monitor

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel. Rated low severity (CVSS 3.3). No vendor patch available.

Denial Of Service Linux Information Disclosure Linux Enterprise Desktop Enterprise Linux +2
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-6445 MEDIUM This Month

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4461 HIGH This Week

SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Enterprise Mrg
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4414 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Enterprise Mrg
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4405 MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Red Hat Enterprise Mrg
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-4404 MEDIUM This Month

cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Mrg
NVD
CVSS 2.0
6.5
EPSS
0.2%
CVE-2013-4255 LOW Monitor

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Condor Enterprise Mrg
NVD
CVSS 2.0
3.5
EPSS
0.7%
CVE-2013-4345 MEDIUM PATCH This Month

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Linux Information Disclosure Linux Kernel Fedora Enterprise Linux +1
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-4284 MEDIUM This Month

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Mrg
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-1892 MEDIUM POC THREAT This Month

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.5%.

Denial Of Service RCE MongoDB Enterprise Mrg
NVD Exploit-DB
CVSS 2.0
6.0
EPSS
53.5%
Threat
4.3
CVE-2013-1909 PyPI MEDIUM PATCH This Month

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Apache Information Disclosure Enterprise Mrg Qpid
NVD
CVSS 2.0
5.8
EPSS
0.8%
CVE-2013-2164 LOW POC PATCH Monitor

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel Enterprise Linux Enterprise Mrg
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-3301 HIGH POC PATCH This Week

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Linux Enterprise Mrg +3
NVD Exploit-DB GitHub
CVSS 2.0
7.2
EPSS
0.5%
CVE-2013-2015 MEDIUM PATCH This Month

The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Enterprise Linux Enterprise Mrg
NVD GitHub
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2548 LOW Monitor

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2547 LOW Monitor

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2546 LOW Monitor

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Mrg
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4462 MEDIUM This Month

aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Denial Of Service Condor Enterprise Mrg
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-1774 MEDIUM This Month

The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted. Rated medium severity (CVSS 4.0). No vendor patch available.

Privilege Escalation Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD GitHub
CVSS 2.0
4.0
EPSS
0.1%
CVE-2013-1773 MEDIUM POC This Month

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD Exploit-DB GitHub
CVSS 2.0
6.2
EPSS
0.3%
CVE-2012-3459 MEDIUM This Month

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Cumin Enterprise Mrg
NVD
CVSS 2.0
4.9
EPSS
0.4%
CVE-2012-2735 MEDIUM This Month

Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Cumin Enterprise Mrg
NVD
CVSS 2.0
4.9
EPSS
0.4%
CVE-2012-2734 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Red Hat Cumin Enterprise Mrg
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-2685 MEDIUM POC This Month

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat Denial Of Service Cumin Enterprise Mrg
NVD
CVSS 2.0
4.0
EPSS
1.2%
CVE-2012-2684 HIGH This Week

Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Cumin Enterprise Mrg
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2012-2683 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Cumin Enterprise Mrg
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2012-2681 MEDIUM POC This Month

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Red Hat Information Disclosure Cumin Enterprise Mrg
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2012-2680 MEDIUM POC This Month

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat Privilege Escalation Cumin Enterprise Mrg
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-1097 HIGH PATCH This Week

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Enterprise Linux +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2012-1090 MEDIUM PATCH This Month

The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Mrg Linux Enterprise Desktop +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Privilege Escalation Linux +8
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel +9
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +4
NVD GitHub
EPSS 95% CVSS 7.5
HIGH PATCH This Week

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel +23
NVD GitHub
EPSS 99% CVSS 7.5
HIGH PATCH This Week

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Linux +24
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure +16
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

A flaw was found in the Linux kernel's NFS41+ subsystem. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Use After Free Privilege Escalation +7
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Authentication Bypass Red Hat +6
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Linux +4
NVD
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Red Hat Privilege Escalation Linux +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Vm Server +12
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Denial Of Service Linux +4
NVD
EPSS 2% CVSS 3.3
LOW POC Monitor

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Linux Linux Kernel +4
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +9
NVD GitHub
EPSS 9% CVSS 7.5
HIGH POC PATCH This Week

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +8
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Mrg
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing. Rated medium severity (CVSS 4.0). No vendor patch available.

Denial Of Service Race Condition Linux +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel. Rated low severity (CVSS 3.3). No vendor patch available.

Denial Of Service Linux Information Disclosure +4
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Enterprise Mrg
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Enterprise Mrg
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Enterprise Mrg
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Red Hat Enterprise Mrg
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Enterprise Mrg
NVD
EPSS 1% CVSS 3.5
LOW Monitor

The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Condor Enterprise Mrg
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Enterprise Mrg
NVD
EPSS 54% 4.3 CVSS 6.0
MEDIUM POC THREAT This Month

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 53.5%.

Denial Of Service RCE MongoDB +1
NVD Exploit-DB
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Apache Information Disclosure +2
NVD
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +5
NVD Exploit-DB GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, when removing a job, allows remote attackers to cause a denial of service (condor_schedd restart) via square brackets in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Denial Of Service Condor +1
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted. Rated medium severity (CVSS 4.0). No vendor patch available.

Privilege Escalation Denial Of Service Linux +3
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Linux +3
NVD Exploit-DB GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Privilege Escalation Cumin +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Cumin +1
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Red Hat Cumin +1
NVD
EPSS 1% CVSS 4.0
MEDIUM POC This Month

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat Denial Of Service Cumin +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat SQLi Cumin +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat XSS Cumin +1
NVD
EPSS 1% CVSS 5.8
MEDIUM POC This Month

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Red Hat Information Disclosure Cumin +1
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Red Hat Privilege Escalation Cumin +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference +6
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +4
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy