Skip to main content

Leap

1763 CVEs product

Monthly

CVE-2015-8010 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Icinga Leap
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-5337 CRITICAL PATCH Act Now

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Leap Gnutls
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2017-5336 CRITICAL PATCH Act Now

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Leap Gnutls
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2017-5335 HIGH PATCH This Week

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Leap Gnutls
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2017-5334 CRITICAL PATCH Act Now

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Leap Gnutls
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2016-7797 HIGH PATCH This Week

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pacemaker Leap Linux Enterprise High Availability Linux Enterprise Software Development Kit +2
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2016-9556 MEDIUM PATCH This Month

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Imagemagick Debian Linux Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-9399 HIGH PATCH This Week

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper Fedora Leap
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2016-9398 HIGH PATCH This Week

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper Fedora Leap Linux Enterprise Desktop +2
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2016-10051 HIGH PATCH This Week

Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Imagemagick Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-10050 HIGH PATCH This Week

Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-10048 HIGH PATCH This Week

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Imagemagick Leap
NVD GitHub
CVSS 3.0
7.5
EPSS
4.9%
CVE-2016-6225 MEDIUM PATCH This Month

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Xtrabackup Leap Fedora
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-6318 HIGH This Week

saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Sane Backends
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-5930 LOW POC PATCH THREAT Monitor

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.9%.

Authentication Bypass PHP Leap Postfixadmin
NVD GitHub
CVSS 3.1
2.7
EPSS
39.9%
CVE-2014-9851 HIGH PATCH This Week

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2014-9850 HIGH PATCH This Week

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9849 HIGH PATCH This Week

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9848 HIGH PATCH This Week

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse Suse Linux Enterprise Desktop Suse Linux Enterprise Server +5
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2014-9847 CRITICAL PATCH Act Now

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Studio Onsite Opensuse Leap Suse Linux Enterprise Debuginfo +6
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2014-9846 CRITICAL PATCH Act Now

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Studio Onsite Leap Opensuse Suse Linux Enterprise Debuginfo +6
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2014-9845 MEDIUM PATCH This Month

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Studio Onsite Leap Opensuse +7
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-9844 MEDIUM PATCH This Month

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Studio Onsite Opensuse +8
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2014-9843 CRITICAL PATCH Act Now

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2014-9842 HIGH PATCH This Week

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9841 CRITICAL PATCH Act Now

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2014-9854 HIGH PATCH This Week

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap Opensuse Linux Enterprise Server +3
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2014-9853 MEDIUM PATCH This Month

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Debuginfo Leap Opensuse +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9852 CRITICAL PATCH Act Now

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Opensuse Linux Enterprise Desktop Linux Enterprise Server +3
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2017-5938 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Debian Linux Leap Viewvc
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-10070 MEDIUM PATCH This Month

Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2016-10065 HIGH PATCH This Week

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Imagemagick Leap
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-7972 HIGH PATCH This Week

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse Fedora Libass
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2016-7969 HIGH PATCH This Week

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Leap Opensuse +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2016-10069 MEDIUM PATCH This Month

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-10068 MEDIUM PATCH This Month

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2016-10064 HIGH PATCH This Week

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2016-9830 MEDIUM PATCH This Month

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-10207 HIGH POC PATCH This Week

The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Leap Tigervnc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-8866 HIGH POC PATCH This Week

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Leap Opensuse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2016-8689 HIGH PATCH This Week

The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Libarchive Leap
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-8688 MEDIUM PATCH This Month

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Libarchive Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-8687 HIGH PATCH This Week

Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libarchive Leap
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2016-7800 HIGH This Week

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick Leap Opensuse +1
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2016-7449 HIGH This Week

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Graphicsmagick Debian Linux +2
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2016-7448 HIGH This Week

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
7.5
EPSS
4.1%
CVE-2016-7447 CRITICAL Act Now

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2016-7446 CRITICAL Act Now

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2016-10165 HIGH PATCH This Week

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Little Cms Color Engine Ubuntu Linux +17
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2016-8569 MEDIUM PATCH This Month

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2 Fedora Leap +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-8568 MEDIUM PATCH This Month

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Fedora Leap +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-5241 MEDIUM PATCH This Month

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-2318 MEDIUM This Month

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Graphicsmagick Debian Linux Linux Enterprise Debuginfo +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-2317 MEDIUM This Month

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick Debian Linux Linux Enterprise Debuginfo +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-7976 MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo Manager Manager Proxy +6
NVD VulDB
CVSS 3.0
4.3
EPSS
3.2%
CVE-2016-9436 MEDIUM PATCH This Month

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap W3M
NVD GitHub VulDB
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-9435 MEDIUM PATCH This Month

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap W3M
NVD GitHub VulDB
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-5317 MEDIUM This Month

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff Opensuse Leap
NVD VulDB
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-5316 MEDIUM This Month

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libtiff Opensuse Leap
NVD VulDB
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-7787 MEDIUM PATCH This Month

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kde Cli Tools Leap Opensuse
NVD
CVSS 3.0
4.9
EPSS
0.5%
CVE-2016-2312 MEDIUM This Month

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kscreenlocker Plasma Workspace Fedora Leap
NVD
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-9427 CRITICAL PATCH Act Now

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Bdwgc Debian Linux +2
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2016-7995 MEDIUM PATCH This Month

Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-7994 MEDIUM PATCH This Month

Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-7466 MEDIUM PATCH This Month

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Openstack Virtualization
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-7422 MEDIUM PATCH This Month

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Qemu Leap Openstack +1
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-7170 MEDIUM PATCH This Month

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Qemu Debian Linux Leap
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2016-9106 MEDIUM PATCH This Month

Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-9105 MEDIUM PATCH This Month

Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-9104 MEDIUM PATCH This Month

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Qemu Debian Linux Leap
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2016-9101 MEDIUM PATCH This Month

Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-8910 MEDIUM PATCH This Month

The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux Leap Openstack +1
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-8909 MEDIUM PATCH This Month

The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Qemu Debian Linux Leap +2
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2016-8669 MEDIUM PATCH This Month

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Openstack Virtualization +1
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-8668 MEDIUM PATCH This Month

The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Qemu Leap
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-8667 MEDIUM PATCH This Month

The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-8578 MEDIUM PATCH This Month

The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-8577 MEDIUM PATCH This Month

Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux Leap
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-8576 MEDIUM PATCH This Month

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu Leap Openstack Virtualization +1
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2016-7141 HIGH PATCH This Week

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Leap Libcurl
NVD GitHub
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-6905 MEDIUM PATCH This Month

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Libgd Leap +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2013-4118 HIGH PATCH This Week

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp Leap Opensuse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2016-6352 HIGH POC This Week

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Ubuntu Linux Gdk Pixbuf +2
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-7445 HIGH POC PATCH This Week

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Openjpeg Leap
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-6172 MEDIUM PATCH This Month

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Leap Opensuse Authoritative Server
NVD GitHub
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-6153 MEDIUM PATCH CISA This Month

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Sqlite Fedora Leap
NVD
CVSS 3.0
5.9
EPSS
0.0%
CVE-2016-5746 MEDIUM This Month

libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Libstorage Libstorage Ng Yast Storage Leap
NVD GitHub
CVSS 3.0
5.1
EPSS
0.1%
CVE-2016-4303 CRITICAL POC PATCH Act Now

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Iperf3 Suse Package Hub For Suse Linux Enterprise +3
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2016-6265 MEDIUM POC This Month

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Mupdf Leap +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-5167 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Leap Chrome
NVD
CVSS 3.0
8.8
EPSS
1.6%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Icinga Leap
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Leap Gnutls
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Leap Gnutls
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Leap Gnutls
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pacemaker Leap +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Imagemagick +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper Fedora +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jasper Fedora +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick +1
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Imagemagick Leap
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector (IV) for encryption, which makes it easier for context-dependent attackers to obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Xtrabackup Leap +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Sane Backends
NVD
EPSS 40% CVSS 2.7
LOW POC PATCH THREAT Monitor

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.9%.

Authentication Bypass PHP Leap +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse +7
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Studio Onsite Opensuse +8
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Studio Onsite Leap +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Studio Onsite +9
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +10
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensuse Leap +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap +7
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensuse Leap +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Debuginfo +8
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Opensuse +5
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Debian Linux Leap +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Imagemagick +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Imagemagick +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Leap +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Leap +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Libarchive +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +4
NVD
EPSS 4% CVSS 7.5
HIGH This Week

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Graphicsmagick Debian Linux +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux +2
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +19
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2 +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Graphicsmagick +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick +6
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo +8
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap W3M
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap W3M
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff +2
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libtiff +2
NVD VulDB
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kde Cli Tools +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kscreenlocker Plasma Workspace +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +4
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Qemu +3
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Qemu +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Qemu +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Qemu +4
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Qemu +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Leap +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Qemu Leap +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Leap Libcurl
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +4
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Openjpeg +1
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Leap Opensuse +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Sqlite Fedora +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Libstorage Libstorage Ng +2
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft +2
NVD
Prev Page 16 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy