Skip to main content

Leap

1763 CVEs product

Monthly

CVE-2019-9456 MEDIUM PATCH This Month

In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Privilege Escalation Memory Corruption Android +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2019-9455 LOW Monitor

In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android Leap
NVD
CVSS 3.1
2.3
EPSS
0.2%
CVE-2019-9855 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure Libreoffice Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-9854 HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-16056 HIGH PATCH This Week

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Debian Linux Ubuntu Linux +6
NVD GitHub
CVSS 3.1
7.5
EPSS
5.4%
CVE-2019-14813 CRITICAL PATCH Act Now

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Openshift Container Platform Enterprise Linux Enterprise Linux Desktop +8
NVD
CVSS 3.1
9.8
EPSS
11.4%
CVE-2019-15939 PyPI MEDIUM POC PATCH This Month

An issue was discovered in OpenCV 4.1.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Opencv Leap Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
2.4%
CVE-2019-15921 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.6. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Leap
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-15920 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2019-15919 LOW PATCH Monitor

An issue was discovered in the Linux kernel before 5.0.10. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2019-15917 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.5. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2019-15902 MEDIUM POC This Month

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Active Iq Performance Analytics Services Service Processor +3
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2019-14817 HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform Leap Fedora +1
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-14811 HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform Fedora Leap +1
NVD
CVSS 3.1
7.8
EPSS
3.8%
CVE-2019-15847 HIGH This Week

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gcc Leap
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2019-15666 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.0.19. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Linux Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
4.4
EPSS
1.7%
CVE-2019-15538 HIGH PATCH This Week

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Ubuntu Linux Data Availability Services +15
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2019-10086 Maven HIGH PATCH This Week

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Apache Deserialization Commons Beanutils Nifi +58
NVD
CVSS 3.1
7.3
EPSS
28.8%
CVE-2019-2126 HIGH This Week

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Android Fedora Ubuntu Linux +1
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2019-15222 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +5
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2019-15221 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.17. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15220 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.1. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15219 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15218 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15217 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15216 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.14. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15215 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15214 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 6.4). Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2019-15213 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +6
NVD VulDB
CVSS 3.1
4.6
EPSS
0.2%
CVE-2019-15212 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel H410c Firmware Active Iq Unified Manager +6
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15211 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15145 MEDIUM POC PATCH This Month

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-15144 MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Djvulibre Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-15143 MEDIUM POC This Month

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Djvulibre Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-15142 MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-15141 MEDIUM POC PATCH This Month

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2019-15118 MEDIUM PATCH This Month

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-15098 MEDIUM This Month

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Active Iq Performance Analytics Services +6
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15090 MEDIUM PATCH This Month

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-9852 HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-9851 CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux Debian Linux Fedora +2
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
78.3%
CVE-2019-9850 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-12854 HIGH PATCH This Week

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
11.7%
CVE-2019-9506 HIGH This Week

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Android Iphone Os Mac Os X Tvos +143
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2019-14973 MEDIUM PATCH This Month

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Libtiff Debian Linux Fedora +1
NVD
CVSS 3.1
6.5
EPSS
4.2%
CVE-2019-9518 HIGH This Week

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +14
NVD GitHub
CVSS 3.1
7.5
EPSS
25.4%
CVE-2019-9517 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Http Server Traffic Server Ubuntu Linux +19
NVD GitHub
CVSS 3.1
7.5
EPSS
27.0%
CVE-2019-9516 MEDIUM This Month

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +15
NVD GitHub
CVSS 3.1
6.5
EPSS
56.3%
CVE-2019-9515 HIGH This Week

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +18
NVD GitHub
CVSS 3.1
7.5
EPSS
87.8%
CVE-2019-9514 Go HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Debian Linux Ubuntu Linux +24
NVD GitHub
CVSS 3.1
7.5
EPSS
82.8%
CVE-2019-9513 HIGH This Week

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +16
NVD GitHub
CVSS 3.1
7.5
EPSS
82.0%
CVE-2019-9511 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +16
NVD GitHub
CVSS 3.1
7.5
EPSS
58.4%
CVE-2019-14981 MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-14980 MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Memory Corruption Imagemagick Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-11042 HIGH POC This Week

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
7.1
EPSS
4.4%
CVE-2019-11041 HIGH POC This Week

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
7.1
EPSS
4.4%
CVE-2019-14806 PyPI HIGH PATCH This Week

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Werkzeug Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-13106 HIGH PATCH CISA Act Now

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE U Boot Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2019-13104 HIGH PATCH CISA Act Now

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure U Boot Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-14235 PyPI HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django Leap
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2019-14233 PyPI HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django Leap
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2019-14232 PyPI HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django Leap
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-14524 HIGH POC This Week

An issue was discovered in Schism Tracker through 20190722. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Schism Tracker Backports Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-14492 PyPI HIGH POC PATCH This Week

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Opencv Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-10185 HIGH PATCH This Week

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Icedtea Web Debian Linux Leap
NVD GitHub
CVSS 3.1
8.6
EPSS
4.0%
CVE-2019-10181 HIGH PATCH This Week

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Code Injection Icedtea Web Debian Linux Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2019-5060 HIGH POC This Week

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sdl2 Image Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-5059 HIGH This Week

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Sdl2 Image Backports Sle Leap
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5058 HIGH This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5057 HIGH This Week

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-10163 MEDIUM PATCH This Month

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Authoritative Backports Leap
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-10162 HIGH PATCH This Week

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Authoritative Leap
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-10152 Go HIGH PATCH This Week

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. Rated high severity (CVSS 7.2).

Path Traversal Libpod Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2019-5460 MEDIUM POC This Month

Double Free in VLC versions <= 3.0.6 leads to a crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vlc Media Player Backports Leap
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2019-5459 HIGH POC This Week

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Vlc Media Player Backports Sle Backports +1
NVD
CVSS 3.1
7.1
EPSS
2.8%
CVE-2019-14383 MEDIUM PATCH This Month

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt Leap
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2019-10130 MEDIUM This Month

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL Leap
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2019-14444 MEDIUM POC This Month

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils Leap Ubuntu Linux +2
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-14271 Go CRITICAL PATCH Act Now

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Docker Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
18.8%
CVE-2019-13565 HIGH PATCH This Week

An issue was discovered in OpenLDAP 2.x before 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
7.5
EPSS
5.0%
CVE-2019-13057 MEDIUM PATCH This Month

An issue was discovered in the server in OpenLDAP before 2.4.48. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openldap Ubuntu Linux Debian Linux Leap +5
NVD
CVSS 3.1
4.9
EPSS
3.2%
CVE-2019-14275 MEDIUM POC This Month

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Fig2Dev Debian Linux Leap
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-14274 MEDIUM POC This Month

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mcpp Backports Sle Leap
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-1010180 HIGH POC This Week

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Information Disclosure Gdb Leap
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2019-14250 MEDIUM POC This Month

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils Ubuntu Linux Leap
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2019-2877 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-2876 LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2019-2875 LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2019-2874 LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2019-2873 LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox Leap
NVD
CVSS 3.1
3.3
EPSS
0.5%
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 2.3
LOW Monitor

In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Python Information Disclosure +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice +5
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora +8
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Openshift Container Platform +10
NVD
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

An issue was discovered in OpenCV 4.1.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Opencv Leap +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.6. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel +1
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An issue was discovered in the Linux kernel before 5.0.10. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +3
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.5. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD GitHub
EPSS 1% CVSS 5.6
MEDIUM POC This Month

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Rated medium severity (CVSS 5.6). Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel +5
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform +3
NVD
EPSS 4% CVSS 7.8
HIGH POC This Week

A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ghostscript Openshift Container Platform +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gcc Leap
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.0.19. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Linux +4
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 29% CVSS 7.3
HIGH PATCH This Week

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Apache Deserialization +60
NVD
EPSS 5% CVSS 8.8
HIGH This Week

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Android +3
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +7
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.17. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.1. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +10
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +10
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.14. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +10
NVD
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 6.4). Public exploit code available.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +8
NVD VulDB
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +8
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +10
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre +4
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Djvulibre Debian Linux +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Djvulibre Debian Linux +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre +4
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Imagemagick +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +9
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux +8
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux +4
NVD
EPSS 78% CVSS 9.8
CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux +4
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux +4
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux +3
NVD
EPSS 3% CVSS 8.1
HIGH This Week

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Android Iphone Os +145
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Libtiff +3
NVD
EPSS 25% CVSS 7.5
HIGH This Week

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +16
NVD GitHub
EPSS 27% CVSS 7.5
HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Http Server +21
NVD GitHub
EPSS 56% CVSS 6.5
MEDIUM This Month

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +17
NVD GitHub
EPSS 88% CVSS 7.5
HIGH This Week

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +20
NVD GitHub
EPSS 83% CVSS 7.5
HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +26
NVD GitHub
EPSS 82% CVSS 7.5
HIGH This Week

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +18
NVD GitHub
EPSS 58% CVSS 7.5
HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Traffic Server +18
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub
EPSS 4% CVSS 7.1
HIGH POC This Week

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure +6
NVD
EPSS 4% CVSS 7.1
HIGH POC This Week

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Docker Information Disclosure Werkzeug +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH Act Now

Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH Act Now

In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure U Boot +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Django +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Python Django +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in Schism Tracker through 20190722. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Schism Tracker +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD GitHub
EPSS 4% CVSS 8.6
HIGH PATCH This Week

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Icedtea Web Debian Linux +1
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Code Injection Icedtea Web Debian Linux +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Sdl2 Image +2
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Sdl2 Image +2
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +3
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +3
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Authoritative Backports +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Authoritative Leap
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. Rated high severity (CVSS 7.2).

Path Traversal Libpod Leap
NVD GitHub
EPSS 3% CVSS 5.5
MEDIUM POC This Month

Double Free in VLC versions <= 3.0.6 leads to a crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vlc Media Player Backports +1
NVD
EPSS 3% CVSS 7.1
HIGH POC This Week

An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Vlc Media Player +3
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libopenmpt Leap
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL Leap
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils +4
NVD
EPSS 19% CVSS 9.8
CRITICAL PATCH Act Now

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Docker Debian Linux +1
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in OpenLDAP 2.x before 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openldap Ubuntu Linux +7
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

An issue was discovered in the server in OpenLDAP before 2.4.48. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Openldap Ubuntu Linux +7
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Fig2Dev +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mcpp +2
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox +1
NVD
Prev Page 10 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy