Skip to main content

Evergreen

34 CVEs product

Monthly

CVE-2015-5134 CRITICAL POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Adobe RCE Microsoft Flash Player Evergreen +3
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
53.0%
Threat
5.1
CVE-2015-5133 CRITICAL POC PATCH THREAT Act Now

Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe Buffer Overflow RCE Microsoft Flash Player +4
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
71.5%
Threat
5.6
CVE-2015-5132 CRITICAL POC PATCH THREAT Act Now

Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe Buffer Overflow RCE Microsoft Flash Player +4
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
71.5%
Threat
5.6
CVE-2015-5131 CRITICAL POC PATCH THREAT Act Now

Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe Buffer Overflow RCE Microsoft Flash Player +4
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
71.5%
Threat
5.6
CVE-2015-5130 CRITICAL POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Adobe RCE Microsoft Evergreen Flash Player +3
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
53.0%
Threat
5.1
CVE-2015-5129 CRITICAL PATCH Act Now

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Buffer Overflow RCE Microsoft Flash Player +4
NVD
CVSS 2.0
10.0
EPSS
2.8%
CVE-2015-5127 CRITICAL POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Adobe RCE Microsoft Flash Player Evergreen +3
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
53.0%
Threat
5.1
CVE-2015-5125 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Adobe Buffer Overflow Microsoft Air +4
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2015-5124 CRITICAL Act Now

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 2.0
10.0
EPSS
11.4%
CVE-2015-3107 CRITICAL POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

Memory Corruption RCE Use After Free Google Microsoft +7
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
50.8%
Threat
5.0
CVE-2015-0833 MEDIUM This Month

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Information Disclosure Microsoft Evergreen Opensuse +3
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-9585 LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +16
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-9584 LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +15
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-9322 HIGH POC PATCH This Week

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel Enterprise Linux Eus Ubuntu Linux +3
NVD Exploit-DB GitHub
CVSS 3.1
7.8
EPSS
5.2%
CVE-2014-9323 MEDIUM POC This Month

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Firebird Evergreen Debian Linux +1
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-8134 LOW POC PATCH Monitor

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Authentication Bypass Linux Kernel Ubuntu Linux Evergreen +2
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2014-8559 MEDIUM POC PATCH This Month

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Suse Linux Enterprise Desktop +6
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-8369 HIGH POC PATCH This Week

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Buffer Overflow Linux Kernel Debian Linux +3
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2014-7826 HIGH POC PATCH This Week

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Evergreen +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2014-3690 MEDIUM PATCH This Month

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Intel Linux Kernel Suse Linux Enterprise Desktop +8
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2014-3687 HIGH POC PATCH This Week

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Mrg Ubuntu Linux +7
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2014-3673 HIGH POC PATCH This Week

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Linux Enterprise Mrg +6
NVD GitHub
CVSS 3.1
7.5
EPSS
9.1%
CVE-2014-3647 MEDIUM PATCH This Month

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux Ubuntu Linux +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2014-3646 MEDIUM PATCH This Month

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux Ubuntu Linux +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-3610 MEDIUM POC PATCH This Month

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Canonical Denial Of Service Linux Linux Kernel Ubuntu Linux +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-0569 CRITICAL POC PATCH THREAT Act Now

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 89.0%.

Integer Overflow Adobe RCE Microsoft Flash Player +6
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
89.0%
Threat
6.0
CVE-2014-0564 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD
CVSS 2.0
10.0
EPSS
6.1%
CVE-2014-5459 LOW POC Monitor

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/,. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Solaris Evergreen Opensuse
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-1564 MEDIUM POC THREAT This Month

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.9%.

Memory Corruption Mozilla Information Disclosure Evergreen Opensuse +2
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.9%
CVE-2014-1563 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +6
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2014-1553 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Evergreen +3
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2014-3601 MEDIUM POC PATCH This Month

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1). Rated medium severity (CVSS 4.3). Public exploit code available.

Denial Of Service Linux Buffer Overflow Linux Enterprise Real Time Extension Evergreen +4
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0181 LOW PATCH Monitor

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel Evergreen Enterprise Linux Desktop +4
NVD VulDB
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-0131 LOW PATCH Monitor

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the. Rated low severity (CVSS 2.9). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub VulDB
CVSS 2.0
2.9
EPSS
0.1%
EPSS 53% 5.1 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Adobe RCE Microsoft +5
NVD Exploit-DB
EPSS 71% 5.6 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe Buffer Overflow RCE +6
NVD Exploit-DB
EPSS 71% 5.6 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe Buffer Overflow RCE +6
NVD Exploit-DB
EPSS 71% 5.6 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.5%.

Adobe Buffer Overflow RCE +6
NVD Exploit-DB
EPSS 53% 5.1 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Adobe RCE Microsoft +5
NVD Exploit-DB
EPSS 3% CVSS 10.0
CRITICAL PATCH Act Now

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Buffer Overflow RCE +6
NVD
EPSS 53% 5.1 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 53.0%.

Adobe RCE Microsoft +5
NVD Exploit-DB
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Adobe Buffer Overflow +6
NVD
EPSS 11% CVSS 10.0
CRITICAL Act Now

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.4% and no vendor patch available.

RCE Denial Of Service Buffer Overflow +7
NVD
EPSS 51% 5.0 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 50.8%.

Memory Corruption RCE Use After Free +9
NVD Exploit-DB
EPSS 0% CVSS 6.9
MEDIUM This Month

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Information Disclosure Microsoft +5
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel +18
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +17
NVD GitHub
EPSS 5% CVSS 7.8
HIGH POC PATCH This Week

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel +5
NVD Exploit-DB GitHub
EPSS 1% CVSS 5.0
MEDIUM POC This Month

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Firebird +3
NVD
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Authentication Bypass Linux Kernel +4
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +8
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Buffer Overflow +5
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Intel +10
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +9
NVD GitHub
EPSS 9% CVSS 7.5
HIGH POC PATCH This Week

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +8
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Canonical Denial Of Service Linux +5
NVD GitHub
EPSS 89% 6.0 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 89.0%.

Integer Overflow Adobe RCE +8
NVD Exploit-DB
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +9
NVD
EPSS 0% CVSS 3.6
LOW POC Monitor

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/,. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Solaris +2
NVD
EPSS 14% CVSS 4.3
MEDIUM POC THREAT This Month

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.9%.

Memory Corruption Mozilla Information Disclosure +4
NVD Exploit-DB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +8
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +5
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1). Rated medium severity (CVSS 4.3). Public exploit code available.

Denial Of Service Linux Buffer Overflow +6
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel +6
NVD VulDB
EPSS 0% CVSS 2.9
LOW PATCH Monitor

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the. Rated low severity (CVSS 2.9). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Linux +4
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy