Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2020-15979 HIGH POC This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-15978 HIGH POC This Week

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-15977 MEDIUM This Month

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-15976 HIGH This Week

Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-15975 HIGH This Week

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15974 HIGH This Week

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Backports Sle +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-15973 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Backports Sle +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-15972 HIGH This Week

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-15971 HIGH This Week

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15970 HIGH This Week

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15969 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +9
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-15968 HIGH This Week

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-15967 HIGH This Week

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-28038 MEDIUM This Month

WordPress before 5.5.2 allows stored XSS via post slugs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2020-28037 CRITICAL PATCH Act Now

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress RCE Denial Of Service PHP Fedora +1
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
7.7%
CVE-2020-28036 CRITICAL PATCH Act Now

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass PHP Fedora Debian Linux
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-28035 CRITICAL Act Now

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-28034 MEDIUM This Month

WordPress before 5.5.2 allows XSS associated with global variables. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-28033 HIGH This Week

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-28032 CRITICAL PATCH Act Now

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP Fedora Debian Linux
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
16.1%
CVE-2020-28030 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2020-14323 MEDIUM This Month

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Samba Leap Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-15238 HIGH POC This Week

Blueman is a GTK+ Bluetooth Manager. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Code Injection Blueman Debian Linux Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
4.5%
CVE-2020-27675 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel Fedora +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-27674 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Xen Fedora Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-27672 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-27671 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing. Rated high severity (CVSS 7.8).

Denial Of Service Xen Leap Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-27670 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU. Rated high severity (CVSS 7.8).

Denial Of Service Amd Xen Leap Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-27638 HIGH PATCH This Week

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fastd Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-27619 CRITICAL PATCH Act Now

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Communications Cloud Native Core Network Function Cloud Native Environment
NVD GitHub
CVSS 3.1
9.8
EPSS
8.3%
CVE-2020-14812 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +5
NVD
CVSS 3.1
4.9
EPSS
2.9%
CVE-2020-14794 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-14793 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-14791 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
2.2
EPSS
1.6%
CVE-2020-14790 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-14789 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2020-14786 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-14785 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-14779 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Openjdk Jdk +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2020-14777 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-14776 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +2
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2020-14775 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-14773 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2020-14769 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-14765 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +5
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2020-14672 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2020-25648 HIGH PATCH This Week

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Network Security Services Enterprise Linux Fedora Communications Offline Mediation Controller +2
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-24388 HIGH POC This Week

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yubihsm Shell Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-24387 HIGH POC This Week

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Yubihsm Shell Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-24266 HIGH POC This Week

An issue was discovered in tcpreplay tcpprep v4.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-24265 HIGH POC This Week

An issue was discovered in tcpreplay tcpprep v4.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-9983 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Apple Icloud +7
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-26935 PHP CRITICAL POC PATCH THREAT Act Now

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Backports Sle Leap Fedora +1
NVD
CVSS 3.1
9.8
EPSS
67.1%
CVE-2020-26934 PHP MEDIUM PATCH This Month

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin Backports Sle Leap Fedora +1
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-26880 HIGH This Week

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sympa Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-26575 HIGH PATCH This Week

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Fedora Debian Linux Zfs Storage Appliance Firmware
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-25866 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Wireshark Fedora Leap +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-25863 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2020-25862 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-25613 Ruby HIGH PATCH This Week

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Ruby Webrick Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-26572 MEDIUM PATCH This Month

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Opensc Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-26571 MEDIUM This Month

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Opensc Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-26570 MEDIUM PATCH This Month

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Opensc Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8223 MEDIUM POC This Month

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Privilege Escalation Nextcloud Server Fedora
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-7070 MEDIUM POC This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora Debian Linux Leap +3
NVD
CVSS 3.1
5.3
EPSS
5.0%
CVE-2020-7069 MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Fedora Debian Linux Leap +4
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-26519 MEDIUM This Month

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Mupdf Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-11979 Maven HIGH PATCH This Week

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Ant Gradle Fedora +34
NVD GitHub
CVSS 3.1
7.5
EPSS
8.2%
CVE-2020-26154 CRITICAL Act Now

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy Fedora Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-15216 Go MEDIUM PATCH This Month

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Goxmldsig Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-26121 HIGH PATCH This Week

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-26120 MEDIUM POC This Month

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-25869 HIGH This Week

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-25828 PHP MEDIUM PATCH This Month

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-25827 PHP HIGH POC PATCH This Week

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-25815 PHP MEDIUM PATCH This Month

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-25814 PHP MEDIUM PATCH This Month

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-25813 PHP MEDIUM PATCH This Month

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-25812 PHP MEDIUM PATCH This Month

An issue was discovered in MediaWiki 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-26116 HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora Ubuntu Linux Solidfire +4
NVD
CVSS 3.1
7.2
EPSS
6.4%
CVE-2020-25604 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen Fedora Debian Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-25603 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Leap +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25602 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-25601 MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25600 MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25599 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-25598 MEDIUM This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25597 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-25596 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-25595 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Privilege Escalation Xen Fedora Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
EPSS 2% CVSS 8.8
HIGH POC This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Insufficient data validation in navigation in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient data validation in dialogs in Google Chrome on OS X prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

WordPress before 5.5.2 allows stored XSS via post slugs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fedora +1
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress RCE Denial Of Service +3
NVD GitHub WPScan
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass PHP +2
NVD GitHub WPScan
EPSS 4% CVSS 9.8
CRITICAL Act Now

WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fedora +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

WordPress before 5.5.2 allows XSS associated with global variables. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Fedora +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Fedora +1
NVD
EPSS 16% CVSS 9.8
CRITICAL PATCH Act Now

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

WordPress Deserialization PHP +2
NVD GitHub WPScan
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Samba Leap +2
NVD
EPSS 5% CVSS 7.0
HIGH POC This Week

Blueman is a GTK+ Bluetooth Manager. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Code Injection Blueman Debian Linux +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Xen +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing. Rated high severity (CVSS 7.8).

Denial Of Service Xen Leap +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU. Rated high severity (CVSS 7.8).

Denial Of Service Amd Xen +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fastd Debian Linux +1
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora +1
NVD GitHub
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +7
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 2.2
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +19
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +7
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Network Security Services Enterprise Linux +4
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yubihsm Shell Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in tcpreplay tcpprep v4.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in tcpreplay tcpprep v4.3.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +9
NVD
EPSS 67% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Backports Sle +3
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin Backports Sle +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Sympa Fedora +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Fedora +2
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Wireshark +3
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +3
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Ruby +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Opensc +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Opensc +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Opensc +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Privilege Escalation Nextcloud Server +1
NVD
EPSS 5% CVSS 5.3
MEDIUM POC This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Fedora +6
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Ant +36
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL Act Now

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy Fedora +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Authentication Bypass Goxmldsig +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mediawiki Fedora
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mediawiki Fedora
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Fedora
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Fedora
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki Fedora
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in MediaWiki 1.34.x before 1.34.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
EPSS 6% CVSS 7.2
HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora +6
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Privilege Escalation Xen +3
NVD
Prev Page 29 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy