Skip to main content

Leap

1763 CVEs product

Monthly

CVE-2016-1694 MEDIUM This Month

browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Leap +5
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2016-1693 MEDIUM This Month

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Debian Linux Leap Opensuse +5
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2016-1692 MEDIUM This Month

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Ubuntu Linux Debian Linux +7
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2016-1691 HIGH This Week

Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Google Buffer Overflow Ubuntu Linux Debian Linux +7
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-1690 HIGH This Week

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Google Debian Linux Leap Opensuse +5
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2016-1689 MEDIUM This Month

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Ubuntu Linux Debian Linux +7
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-1688 MEDIUM This Month

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Ubuntu Linux Debian Linux +8
NVD
CVSS 3.0
6.5
EPSS
4.8%
CVE-2016-1687 MEDIUM This Month

The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Debian Linux Leap Opensuse +5
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2016-1686 MEDIUM This Month

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Debian Linux +6
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-1685 MEDIUM This Month

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Debian Linux +6
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-1683 HIGH This Week

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Google Buffer Overflow Libxslt Ubuntu Linux +8
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-1682 MEDIUM This Month

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Chrome Ubuntu Linux +7
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2016-1681 HIGH This Week

Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Debian Linux Leap +6
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-1680 HIGH This Week

Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Ubuntu Linux +7
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-1679 HIGH This Week

The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-1678 HIGH This Week

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow V8 Chrome +8
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2016-1677 MEDIUM This Month

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.6% and no vendor patch available.

Google Information Disclosure Chrome Ubuntu Linux Debian Linux +7
NVD
CVSS 3.0
6.5
EPSS
12.6%
CVE-2016-1676 HIGH This Week

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux Leap Opensuse +5
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-1675 HIGH This Week

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ubuntu Linux Debian Linux Leap +6
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-1674 HIGH This Week

The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux Leap Opensuse +5
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-1673 HIGH This Week

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-1672 HIGH This Week

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Leap +5
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-4804 MEDIUM PATCH This Month

The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Dosfstools Leap Opensuse +1
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2015-8872 MEDIUM PATCH This Month

The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ubuntu Linux Leap Opensuse Dosfstools
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-1234 HIGH POC PATCH This Week

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Glibc Leap Opensuse +1
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-0718 CRITICAL PATCH Act Now

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Firefox Mac Os X +12
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2016-4049 HIGH This Week

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Quagga Leap Opensuse
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2016-3959 Go HIGH PATCH This Week

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Go Fedora
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2016-4578 MEDIUM POC PATCH This Month

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +8
NVD Exploit-DB GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-4544 CRITICAL POC PATCH Act Now

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow Leap Opensuse +2
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2016-4543 CRITICAL POC PATCH Act Now

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow System Management Homepage Fedora +1
NVD
CVSS 3.0
9.8
EPSS
5.4%
CVE-2016-4542 CRITICAL POC PATCH Act Now

The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow Leap Fedora
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-4541 CRITICAL POC PATCH Act Now

The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow Fedora Leap
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2016-4540 CRITICAL POC PATCH Act Now

The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow Fedora Leap
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2016-4539 CRITICAL POC PATCH Act Now

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow Leap Fedora
NVD
CVSS 3.0
9.8
EPSS
4.5%
CVE-2016-4538 CRITICAL POC PATCH Act Now

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Fedora Leap
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2016-4537 CRITICAL POC PATCH Act Now

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Leap Fedora
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2016-4346 CRITICAL POC Act Now

Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service PHP Buffer Overflow Leap +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2016-4342 HIGH POC This Week

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Buffer Overflow Leap
NVD
CVSS 3.0
8.8
EPSS
5.6%
CVE-2015-8866 CRITICAL POC PATCH Act Now

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE PHP Ubuntu Linux Leap Opensuse +2
NVD
CVSS 3.1
9.6
EPSS
3.5%
CVE-2016-4348 HIGH This Week

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Librsvg Debian Linux Leap Opensuse
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2016-3705 HIGH This Week

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Linux Libxml2 Debian Linux Icewall Federation Agent +2
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-3627 HIGH PATCH This Week

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Debian Linux Icewall Federation Agent Icewall File Manager +10
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2015-8874 HIGH POC This Week

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Buffer Overflow Leap
NVD
CVSS 3.0
7.5
EPSS
4.1%
CVE-2015-8873 HIGH POC This Week

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Leap
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2015-4116 CRITICAL POC Act Now

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Leap
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2015-8863 CRITICAL PATCH Act Now

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6%.

Denial Of Service Buffer Overflow Leap Opensuse Jq
NVD GitHub
CVSS 3.0
9.8
EPSS
10.6%
CVE-2016-2107 MEDIUM POC PATCH THREAT This Month

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 80.0%.

OpenSSL Information Disclosure Oracle Enterprise Linux Desktop Enterprise Linux Hpc Node +12
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
80.0%
Threat
5.1
CVE-2016-2105 HIGH PATCH Act Now

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.1%.

Integer Overflow Denial Of Service OpenSSL Buffer Overflow Enterprise Linux Desktop +13
NVD
CVSS 3.1
7.5
EPSS
45.1%
CVE-2016-2807 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +3
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-2806 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Debian Linux +4
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2016-2383 MEDIUM PATCH This Month

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-0668 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors. Rated medium severity (CVSS 4.1).

Information Disclosure Oracle MySQL MariaDB Debian Linux +7
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2016-0666 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Enterprise Linux Debian Linux MariaDB +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0655 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MariaDB Debian Linux Leap +2
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-0651 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL MariaDB Linux Enterprise Debuginfo +12
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2016-0650 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Linux Leap Powerkvm +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0649 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Powerkvm Enterprise Linux Leap +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0648 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Leap Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0647 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Leap Debian Linux Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0646 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Linux Enterprise Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0644 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Leap Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-0643 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Enterprise Linux Powerkvm +3
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2016-0642 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MySQL Linux Enterprise Debuginfo Leap +14
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2016-0641 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Leap Debian Linux MySQL +4
NVD
CVSS 3.0
5.1
EPSS
0.2%
CVE-2016-0640 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL Linux Leap +4
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-5479 MEDIUM This Month

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Libav Leap
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2016-4036 MEDIUM This Month

The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Leap Opensuse
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-1659 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Leap Linux Enterprise +2
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2016-1658 MEDIUM This Month

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Suse Package Hub For Suse Linux Enterprise Leap Chrome +1
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2016-1657 MEDIUM This Month

The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Debian Linux Suse Package Hub For Suse Linux Enterprise Leap +1
NVD
CVSS 3.0
4.3
EPSS
2.2%
CVE-2016-1656 HIGH This Week

The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Leap Linux Enterprise
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1655 HIGH This Week

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Leap Linux Enterprise +2
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2016-1654 MEDIUM This Month

The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Leap Linux Enterprise +2
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2016-1653 HIGH This Week

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Debian Linux Leap +3
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2016-1652 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Debian Linux Leap Linux Enterprise +1
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-1651 HIGH This Week

fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Information Disclosure Buffer Overflow Chrome +3
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2016-2313 HIGH This Week

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Cacti Leap Opensuse
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2016-3982 HIGH PATCH This Week

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Leap Opensuse +3
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2016-3630 PyPI HIGH PATCH This Week

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Fedora Leap Mercurial Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2016-3069 PyPI HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Mercurial Debian Linux Linux Enterprise Debuginfo Opensuse +10
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2016-3068 PyPI HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Debian Linux Mercurial Fedora Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2016-2191 MEDIUM POC PATCH This Month

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Optipng Ubuntu Linux Debian Linux +2
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2015-8080 HIGH POC This Week

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Redis Buffer Overflow Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2016-4007 CRITICAL PATCH Act Now

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2016-1866 PyPI HIGH PATCH This Week

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Authentication Bypass Salt Leap
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2015-8614 HIGH PATCH This Week

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Claws Mail Leap Opensuse
NVD
CVSS 3.0
7.3
EPSS
1.9%
CVE-2015-5969 MEDIUM This Month

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse Linux Enterprise Desktop Linux Enterprise Server +2
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-2324 CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
22.1%
CVE-2016-2315 CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
17.7%
EPSS 1% CVSS 5.3
MEDIUM This Month

browser/browsing_data/browsing_data_remover.cc in Google Chrome before 51.0.2704.63 deletes HPKP pins during cache clearing, which makes it easier for remote attackers to spoof web sites via a valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Chrome +7
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before 51.0.2704.63 does not use the HTTPS service on dl.google.com to obtain the Software Removal Tool, which allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Debian Linux +7
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass +9
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Google Buffer Overflow +9
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Google Debian Linux +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +9
NVD
EPSS 5% CVSS 6.5
MEDIUM This Month

The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +10
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Debian Linux +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +8
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Google Buffer Overflow +10
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass +9
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +9
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +10
NVD
EPSS 13% CVSS 6.5
MEDIUM This Month

uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before 51.0.2704.63, uses an incorrect array type, which allows remote attackers to obtain sensitive information by calling the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.6% and no vendor patch available.

Google Information Disclosure Chrome +9
NVD
EPSS 1% CVSS 8.8
HIGH This Week

extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ubuntu Linux +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +7
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Dosfstools +3
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Ubuntu Linux Leap +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Glibc +3
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +14
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does not perform size checks when dumping data, which might allow remote attackers to cause a denial of service (assertion failure and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Quagga Leap +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Go +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +10
NVD Exploit-DB GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow +4
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow +2
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Buffer Overflow +2
NVD
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Fedora +1
NVD
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service PHP Leap +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service PHP +3
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Buffer Overflow +1
NVD
EPSS 4% CVSS 9.6
CRITICAL POC PATCH Act Now

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE PHP Ubuntu Linux +4
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via circular definitions in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Librsvg Debian Linux +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Linux Libxml2 +4
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Debian Linux +12
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Buffer Overflow +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Leap
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Leap
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.6%.

Denial Of Service Buffer Overflow Leap +2
NVD GitHub
EPSS 80% 5.1 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 80.0%.

OpenSSL Information Disclosure Oracle +14
NVD Exploit-DB
EPSS 45% CVSS 7.5
HIGH PATCH Act Now

Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.1%.

Integer Overflow Denial Of Service OpenSSL +15
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors. Rated medium severity (CVSS 4.1).

Information Disclosure Oracle MySQL +9
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Enterprise Linux +6
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MariaDB +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Powerkvm +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Leap +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +6
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +5
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MySQL +16
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Leap +6
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ubuntu Libav +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Leap Opensuse
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Suse Package Hub For Suse Linux Enterprise +3
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Debian Linux +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +5
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Debian Linux +3
NVD
EPSS 1% CVSS 8.1
HIGH This Week

fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Information Disclosure +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Cacti +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow +5
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Fedora Leap +5
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Mercurial Debian Linux +12
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Debian Linux Mercurial +12
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Optipng +4
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Redis +5
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Leap Opensuse
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Authentication Bypass Salt +1
NVD
EPSS 2% CVSS 7.3
HIGH PATCH This Week

Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Claws Mail Leap +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse +4
NVD
EPSS 22% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo +7
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo +7
NVD GitHub
Prev Page 18 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy