Skip to main content

Leap

1763 CVEs product

Monthly

CVE-2019-7164 PyPI CRITICAL POC PATCH Act Now

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux Backports Sle Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
3.5%
CVE-2019-3812 MEDIUM PATCH This Month

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu Fedora Ubuntu Linux Leap
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2019-8912 HIGH PATCH This Week

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-8907 HIGH POC This Week

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption File Debian Linux +2
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2019-8906 MEDIUM POC PATCH This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure File Ubuntu Linux Leap +4
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-8905 MEDIUM POC This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Debian Linux File Ubuntu Linux +1
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-8341 CRITICAL POC THREAT Act Now

An issue was discovered in Jinja2 2.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Jinja2 Leap
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
44.8%
CVE-2019-7665 MEDIUM POC This Month

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Elfutils Debian Linux +9
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-7663 MEDIUM POC PATCH This Month

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Debian Linux Ubuntu Linux Leap
NVD
CVSS 3.0
6.5
EPSS
3.4%
CVE-2019-7638 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Debian Linux Leap +2
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-7637 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Simple Directmedia Layer Debian Linux Leap +2
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2019-7636 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Leap Debian Linux +2
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2019-7635 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Backports Sle Leap +3
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2019-7578 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Leap Debian Linux +2
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2019-7577 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Leap Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-7576 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Debian Linux Leap +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-7575 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Simple Directmedia Layer Debian Linux Leap +2
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-7574 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Debian Linux Leap +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2019-7573 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Debian Linux Leap +2
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-7572 HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer Debian Linux Leap +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2019-7548 PyPI HIGH POC PATCH This Week

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux Backports Sle Leap +5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-3820 MEDIUM POC PATCH This Month

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gnome Shell Leap Ubuntu Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-7398 HIGH POC This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-7397 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Graphicsmagick Leap Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-7396 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-7395 HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-1000020 MEDIUM PATCH This Month

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libarchive Ubuntu Linux Debian Linux Fedora +4
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2019-1000019 MEDIUM POC This Month

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Libarchive Debian Linux +6
NVD GitHub
CVSS 3.1
6.5
EPSS
3.4%
CVE-2019-7317 MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Libpng Debian Linux +30
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2019-7308 MEDIUM PATCH This Month

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different. Rated medium severity (CVSS 5.6).

Buffer Overflow Linux Linux Kernel Ubuntu Linux Leap
NVD GitHub
CVSS 3.0
5.6
EPSS
0.5%
CVE-2019-6438 CRITICAL Act Now

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slurm Leap
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-7150 MEDIUM POC PATCH This Month

An issue was discovered in elfutils 0.175. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Elfutils Debian Linux Ubuntu Linux +8
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-3819 MEDIUM PATCH This Month

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-6486 Go HIGH PATCH This Week

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Go Debian Linux Leap
NVD GitHub
CVSS 3.0
8.2
EPSS
4.3%
CVE-2019-2426 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +5
NVD
CVSS 3.1
3.7
EPSS
2.6%
CVE-2019-2422 LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +16
NVD
CVSS 3.1
3.1
EPSS
3.4%
CVE-2019-3811 MEDIUM PATCH This Month

A vulnerability was found in sssd. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sssd Debian Linux Fedora Leap +1
NVD
CVSS 3.1
5.2
EPSS
0.7%
CVE-2019-6251 HIGH POC PATCH This Week

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Apple Information Disclosure Epiphany Webkitgtk +4
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2019-6128 HIGH POC PATCH This Week

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Ubuntu Linux Leap Debian Linux
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2018-20549 HIGH POC This Week

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-20548 HIGH POC This Week

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Fedora Leap
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-20547 HIGH POC This Week

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2018-20546 HIGH POC PATCH This Week

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Libcaca Ubuntu Linux Fedora +2
NVD GitHub
CVSS 3.1
8.1
EPSS
2.3%
CVE-2018-20545 HIGH POC PATCH This Week

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Libcaca Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-19873 CRITICAL PATCH Act Now

An issue was discovered in Qt before 5.11.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qt Backports Leap Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2018-19871 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qt Leap
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19870 HIGH PATCH This Week

An issue was discovered in Qt before 5.11.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qt Debian Linux Leap
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-19869 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-15518 HIGH PATCH This Week

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Debian Linux Leap
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-20482 MEDIUM POC PATCH This Month

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c). Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Tar Debian Linux Leap
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2018-20467 MEDIUM POC PATCH This Month

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-20346 HIGH POC PATCH This Week

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Integer Overflow RCE Buffer Overflow Sqlite Chrome +3
NVD GitHub
CVSS 3.0
8.1
EPSS
9.7%
CVE-2018-20126 MEDIUM PATCH This Month

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Qemu Ubuntu Linux Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-1000880 MEDIUM PATCH This Month

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser -. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libarchive Ubuntu Linux Fedora Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
4.1%
CVE-2018-1000879 MEDIUM PATCH This Month

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser -. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libarchive Fedora Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
3.4%
CVE-2018-1000878 HIGH PATCH This Week

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder -. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Use After Free Libarchive Debian Linux +6
NVD GitHub
CVSS 3.1
8.8
EPSS
4.4%
CVE-2018-16875 Go HIGH PATCH This Week

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Leap
NVD
CVSS 3.0
7.5
EPSS
6.3%
CVE-2018-16874 Go HIGH PATCH This Week

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Path Traversal Go Backports Sle Leap +2
NVD
CVSS 3.1
8.1
EPSS
5.0%
CVE-2018-16873 Go HIGH PATCH This Week

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Go Backports Sle Leap Linux Enterprise Server +1
NVD
CVSS 3.1
8.1
EPSS
66.3%
CVE-2018-16872 MEDIUM PATCH This Month

A flaw was found in qemu Media Transfer Protocol (MTP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Qemu Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2018-19489 MEDIUM PATCH This Month

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Qemu Debian Linux Fedora +2
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2018-19364 MEDIUM PATCH This Month

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Qemu Ubuntu Linux +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-18356 HIGH This Week

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Chrome Debian Linux +8
NVD
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-18335 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Chrome Enterprise Linux Desktop +4
NVD
CVSS 3.0
8.8
EPSS
3.7%
CVE-2018-19665 MEDIUM PATCH This Month

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Qemu Leap
NVD
CVSS 3.1
5.7
EPSS
0.9%
CVE-2018-19865 HIGH PATCH This Week

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-19841 MEDIUM POC PATCH This Month

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack Ubuntu Linux Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
2.5%
CVE-2018-19840 MEDIUM PATCH This Month

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Wavpack Ubuntu Linux Fedora Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-19542 MEDIUM POC This Month

An issue was discovered in JasPer 2.0.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jasper Ubuntu Linux Linux Enterprise Desktop +3
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19539 MEDIUM POC This Month

An issue was discovered in JasPer 2.0.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Linux Enterprise Desktop Linux Enterprise Server Debian Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19492 HIGH POC PATCH This Week

An issue was discovered in cairo.trm in Gnuplot 5.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gnuplot Debian Linux Leap
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-19491 HIGH POC PATCH This Week

An issue was discovered in post.trm in Gnuplot 5.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gnuplot Debian Linux Leap
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-19490 HIGH POC PATCH This Week

An issue was discovered in datafile.c in Gnuplot 5.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Gnuplot Debian Linux Leap
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-18954 MEDIUM PATCH This Month

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Qemu Ubuntu Linux Leap
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-16845 MEDIUM PATCH This Month

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nginx Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
6.1
EPSS
9.8%
CVE-2018-16843 HIGH This Week

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
47.1%
CVE-2018-19052 HIGH POC PATCH THREAT This Week

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lighttpd Backports Sle Leap Suse Linux Enterprise Server +1
NVD GitHub
CVSS 3.1
7.5
EPSS
14.1%
CVE-2018-18544 MEDIUM POC This Month

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphicsmagick Imagemagick Leap
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-18521 MEDIUM POC PATCH This Month

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Elfutils Debian Linux Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2018-18520 MEDIUM POC PATCH This Month

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Elfutils Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2018-18310 MEDIUM POC PATCH This Month

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Elfutils Debian Linux Enterprise Linux Desktop +4
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2018-18225 HIGH PATCH This Week

In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux Leap
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2018-18074 PyPI HIGH POC PATCH This Week

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Requests Ubuntu Linux Leap +3
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2018-12477 HIGH This Week

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-14647 HIGH PATCH This Week

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Ubuntu Linux Debian Linux Fedora +4
NVD
CVSS 3.1
7.5
EPSS
11.3%
CVE-2018-16597 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Linux Linux Kernel Active Iq Performance Analytics Services Element Software +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-17294 MEDIUM POC PATCH This Month

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Liblouis Ubuntu Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-1000802 CRITICAL PATCH Act Now

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Command Injection Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
20.8%
CVE-2018-10930 MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux Enterprise Linux Server Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-10929 HIGH PATCH This Week

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.8
EPSS
3.3%
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux +7
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu Fedora +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +5
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure File +6
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC This Month

do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Debian Linux +3
NVD
EPSS 45% CVSS 9.8
CRITICAL POC THREAT Act Now

An issue was discovered in Jinja2 2.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Jinja2 +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +11
NVD
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Debian Linux +2
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +5
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +4
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Simple Directmedia Layer +4
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SQLi Sqlalchemy Debian Linux +7
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gnome Shell Leap +1
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Leap +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Graphicsmagick +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick Leap +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libarchive Ubuntu Linux +6
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +8
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +32
NVD GitHub VulDB
EPSS 1% CVSS 5.6
MEDIUM PATCH This Month

kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different. Rated medium severity (CVSS 5.6).

Buffer Overflow Linux Linux Kernel +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slurm Leap
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in elfutils 0.175. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Elfutils +10
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +3
NVD
EPSS 4% CVSS 8.2
HIGH PATCH This Week

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Go Debian Linux +1
NVD GitHub
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +7
NVD
EPSS 3% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +18
NVD
EPSS 1% CVSS 5.2
MEDIUM PATCH This Month

A vulnerability was found in sssd. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sssd Debian Linux +3
NVD
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Apple Information Disclosure +6
NVD
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Ubuntu Linux +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux +2
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Ubuntu Linux +3
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Libcaca +4
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Libcaca +3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Qt before 5.11.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qt Backports +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qt Leap
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Qt before 5.11.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Qt +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Debian Linux +1
NVD
EPSS 1% CVSS 4.7
MEDIUM POC PATCH This Month

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c). Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Tar Debian Linux +1
NVD
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick Leap +2
NVD GitHub
EPSS 10% CVSS 8.1
HIGH POC PATCH This Week

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Integer Overflow RCE Buffer Overflow +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Qemu Ubuntu Linux +1
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser -. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libarchive Ubuntu Linux +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser -. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libarchive +2
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder -. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Use After Free +8
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Leap
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Path Traversal Go +4
NVD
EPSS 66% CVSS 8.1
HIGH PATCH This Week

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Go Backports Sle +3
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in qemu Media Transfer Protocol (MTP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Qemu Debian Linux +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Qemu +4
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

hw/9pfs/cofile.c and hw/9pfs/9p.c in QEMU can modify an fid path while it is being accessed by a second thread, leading to (for example) a use-after-free outcome. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google +10
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow +6
NVD
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Qemu +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
EPSS 3% CVSS 5.5
MEDIUM POC PATCH This Month

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack +4
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Wavpack Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in JasPer 2.0.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jasper +5
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in JasPer 2.0.14. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper Linux Enterprise Desktop +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in cairo.trm in Gnuplot 5.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gnuplot Debian Linux +1
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in post.trm in Gnuplot 5.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gnuplot Debian Linux +1
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in datafile.c in Gnuplot 5.2.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Gnuplot +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Qemu +2
NVD
EPSS 10% CVSS 6.1
MEDIUM PATCH This Month

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nginx Debian Linux +3
NVD
EPSS 47% CVSS 7.5
HIGH This Week

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Debian Linux +3
NVD
EPSS 14% CVSS 7.5
HIGH POC PATCH THREAT This Week

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Lighttpd Backports Sle +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Graphicsmagick Imagemagick +1
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Elfutils Debian Linux +5
NVD
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Elfutils +6
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Elfutils +6
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 7% CVSS 7.5
HIGH POC PATCH This Week

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Requests +5
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Ubuntu Linux +6
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Linux Linux Kernel +3
NVD
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow +3
NVD GitHub
EPSS 21% CVSS 9.8
CRITICAL PATCH Act Now

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Command Injection +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux +5
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Server +3
NVD
Prev Page 14 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy