Skip to main content

Leap

1763 CVEs product

Monthly

CVE-2020-1747 PyPI CRITICAL PATCH Act Now

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Pyyaml Fedora Leap +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.3%
CVE-2020-10593 HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-10592 HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports Leap
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-10803 PHP MEDIUM PATCH This Month

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SQLi PHP Phpmyadmin Debian Linux +4
NVD
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-10802 PHP HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Phpmyadmin Debian Linux Fedora +3
NVD
CVSS 3.1
8.0
EPSS
2.1%
CVE-2020-10804 PHP HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Phpmyadmin Fedora Backports Sle +2
NVD
CVSS 3.1
8.0
EPSS
2.7%
CVE-2020-5267 Ruby MEDIUM POC PATCH This Month

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Actionview Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-10648 HIGH POC PATCH CISA Act Now

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass U Boot Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
Threat
5.1
CVE-2020-0556 HIGH PATCH This Week

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Privilege Escalation Bluez Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-10531 HIGH PATCH This Week

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow International Components For Unicode Enterprise Linux Desktop Enterprise Linux Server +8
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-7598 npm MEDIUM POC PATCH This Month

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Minimist Leap
NVD
CVSS 3.1
5.6
EPSS
1.9%
CVE-2020-10029 MEDIUM POC This Month

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Canonical Glibc Fedora +9
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-10018 CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Use After Free +6
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-8013 LOW Monitor

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for. Rated low severity (CVSS 2.5). No vendor patch available.

Information Disclosure Linux Enterprise Server Leap
NVD
CVSS 3.1
2.5
EPSS
0.3%
CVE-2020-9431 HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Leap Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2020-9430 HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-9429 HIGH This Week

In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Leap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-9428 HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Wireshark Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-7063 MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Tenable Sc Debian Linux Leap
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-7062 HIGH POC This Week

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Null Pointer Dereference Denial Of Service PHP Leap +2
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-3868 HIGH PATCH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-3867 MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Apple Icloud Itunes +6
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-3865 HIGH PATCH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Memory Corruption Apple RCE +7
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-3862 MEDIUM PATCH This Month

A denial of service issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-7043 CRITICAL PATCH Act Now

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
CVE-2020-7042 MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-7041 MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn Fedora Backports Sle +1
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-9383 HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.16 through 5.5.6. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +10
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-1938 Maven CRITICAL POC KEV PATCH THREAT Act Now

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache File Upload RCE Tomcat Geode +19
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.3%
CVE-2020-1935 Maven MEDIUM PATCH This Month

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Request Smuggling Tomcat Information Disclosure Debian Linux +18
NVD
CVSS 3.1
4.8
EPSS
9.4%
CVE-2020-8130 Ruby MEDIUM POC PATCH This Month

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Command Injection Rake Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
6.4
EPSS
1.4%
CVE-2020-9273 HIGH This Week

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Proftpd Debian Linux +5
NVD GitHub
CVSS 3.1
8.8
EPSS
12.0%
CVE-2020-9272 HIGH PATCH This Week

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Proftpd Simatic Net Cp 1543 1 Firmware Simatic Net Cp 1545 1 Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-8992 MEDIUM PATCH This Month

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Linux Denial Of Service Linux Kernel Ubuntu Linux Leap +7
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-0561 HIGH This Week

Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Software Guard Extensions Sdk Backports Leap
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8955 CRITICAL PATCH Act Now

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Weechat Fedora Backports Sle +2
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-1711 MEDIUM PATCH This Month

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Buffer Overflow Denial Of Service RCE Heap Overflow Qemu +4
NVD
CVSS 3.1
6.0
EPSS
4.0%
CVE-2020-7060 CRITICAL POC PATCH Act Now

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Tenable Sc Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.1
EPSS
8.9%
CVE-2020-7059 CRITICAL POC PATCH Act Now

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Tenable Sc Communications Diameter Signaling Router +2
NVD
CVSS 3.1
9.1
EPSS
7.1%
CVE-2020-1700 MEDIUM This Month

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ceph Openshift Container Storage Leap Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-8608 MEDIUM PATCH This Month

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libslirp Debian Linux Leap
NVD
CVSS 3.1
5.6
EPSS
2.5%
CVE-2020-8649 MEDIUM POC This Month

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-8648 HIGH POC This Week

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +8
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-8647 MEDIUM PATCH This Month

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2020-7216 HIGH This Week

An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wicked Leap
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-8632 MEDIUM PATCH This Month

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Brute Force Cloud Init Leap Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8631 MEDIUM PATCH This Month

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cloud Init Leap Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-5208 HIGH PATCH This Week

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Ipmitool Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2020-8517 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Leap Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-8450 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Squid Ubuntu Linux Leap Fedora +1
NVD
CVSS 3.1
7.3
EPSS
71.8%
CVE-2020-8449 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Squid Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
8.3%
CVE-2020-8492 MEDIUM POC PATCH This Month

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Leap Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
6.6%
CVE-2020-8432 CRITICAL Act Now

In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE U Boot Leap
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-0549 MEDIUM This Month

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Linux Fedora Leap Debian Linux Core I5 9400F Firmware +425
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-7040 HIGH PATCH This Week

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Storebackup Debian Linux Backports Sle Leap +1
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2020-5202 MEDIUM POC PATCH This Month

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apt Cacher Ng Debian Linux Backports Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-7039 MEDIUM PATCH This Month

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Libslirp Qemu +2
NVD
CVSS 3.1
5.6
EPSS
3.6%
CVE-2020-7106 MEDIUM POC This Month

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti Debian Linux Backports Sle +4
NVD GitHub
CVSS 3.1
6.1
EPSS
2.1%
CVE-2020-7044 HIGH POC PATCH This Week

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Wireshark Fedora Leap +2
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-2659 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +21
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2020-2654 LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +21
NVD
CVSS 3.1
3.7
EPSS
3.8%
CVE-2020-2604 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Oracle Java Deserialization Commerce Experience Manager Commerce Guided Search +25
NVD
CVSS 3.1
8.1
EPSS
4.9%
CVE-2020-2601 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +21
NVD
CVSS 3.1
6.8
EPSS
4.2%
CVE-2020-2593 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +22
NVD
CVSS 3.1
4.8
EPSS
3.0%
CVE-2020-2590 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +22
NVD
CVSS 3.1
3.7
EPSS
3.1%
CVE-2020-2583 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +22
NVD
CVSS 3.1
3.7
EPSS
4.0%
CVE-2020-2574 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle MySQL MariaDB Active Iq Unified Manager +5
NVD
CVSS 3.1
5.9
EPSS
3.5%
CVE-2020-6377 HIGH POC This Week

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +6
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-1765 MEDIUM PATCH This Month

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Otrs Debian Linux Backports Sle Leap
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-6615 MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6614 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-6613 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-6612 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2020-6611 MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-6610 MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-6609 HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-5496 HIGH POC This Week

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Fontforge Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-5395 HIGH POC This Week

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Fontforge Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-19927 MEDIUM POC PATCH This Month

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Ubuntu Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
6.0
EPSS
0.8%
CVE-2019-20095 MEDIUM This Month

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Leap Active Iq Unified Manager +11
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-20053 MEDIUM POC This Month

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Upx Backports Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-20015 MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20014 HIGH POC PATCH This Week

An issue was discovered in GNU LibreDWG before 0.93. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-20013 MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20012 MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-20011 HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-20010 HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Libredwg Backports Sle +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2019-20009 MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2019-15695 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2019-15694 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Pyyaml +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports Sle +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tor Backports +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SQLi PHP +6
NVD
EPSS 2% CVSS 8.0
HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Phpmyadmin +5
NVD
EPSS 3% CVSS 8.0
HIGH PATCH This Week

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Phpmyadmin +4
NVD
EPSS 2% CVSS 4.8
MEDIUM POC PATCH This Month

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Actionview Debian Linux +2
NVD GitHub
EPSS 0% 5.1 CVSS 7.8
HIGH POC PATCH Act Now

Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass U Boot Leap
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Privilege Escalation Bluez +3
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow International Components For Unicode +10
NVD GitHub
EPSS 2% CVSS 5.6
MEDIUM POC PATCH This Month

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Prototype Pollution Information Disclosure Minimist +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Canonical +11
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple +8
NVD
EPSS 0% CVSS 2.5
LOW Monitor

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for. Rated low severity (CVSS 2.5). No vendor patch available.

Information Disclosure Linux Enterprise Server Leap
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Leap +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Fedora +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Wireshark +3
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Tenable Sc +2
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Null Pointer Dereference Denial Of Service +4
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Memory Corruption +9
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Apple +8
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Microsoft Buffer Overflow Memory Corruption +9
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A denial of service issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Apple +7
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn +3
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn +3
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Openfortivpn +3
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.16 through 5.5.6. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +12
NVD GitHub
EPSS 99% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache File Upload RCE +21
NVD Exploit-DB
EPSS 9% CVSS 4.8
MEDIUM PATCH This Month

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Request Smuggling Tomcat +20
NVD
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Command Injection Rake Ubuntu Linux +3
NVD
EPSS 12% CVSS 8.8
HIGH This Week

In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE +7
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Proftpd +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Linux Denial Of Service Linux Kernel +9
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Software Guard Extensions Sdk +2
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Weechat +4
NVD GitHub
EPSS 4% CVSS 6.0
MEDIUM PATCH This Month

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Buffer Overflow Denial Of Service RCE +6
NVD
EPSS 9% CVSS 9.1
CRITICAL POC PATCH Act Now

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure +4
NVD
EPSS 7% CVSS 9.1
CRITICAL POC PATCH Act Now

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ceph Openshift Container Storage +2
NVD
EPSS 2% CVSS 5.6
MEDIUM PATCH This Month

In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libslirp Debian Linux +1
NVD
EPSS 0% CVSS 5.9
MEDIUM POC This Month

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption +4
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption +10
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wicked Leap
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Brute Force Cloud Init +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cloud Init Leap +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Ipmitool +3
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Leap +1
NVD
EPSS 72% CVSS 7.3
HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Squid Ubuntu Linux +3
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Squid Debian Linux +3
NVD
EPSS 7% CVSS 6.5
MEDIUM POC PATCH This Month

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Leap +3
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL Act Now

In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE U Boot Leap
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Linux Fedora Leap +427
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Storebackup Debian Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apt Cacher Ng Debian Linux +2
NVD
EPSS 4% CVSS 5.6
MEDIUM PATCH This Month

tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +4
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti +6
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Wireshark +4
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +23
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +23
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Oracle Java Deserialization +27
NVD
EPSS 4% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +23
NVD
EPSS 3% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +24
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +24
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +24
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle MySQL +7
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +8
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Otrs Debian Linux +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libredwg +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Fontforge +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +3
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Ubuntu +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +13
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Upx Backports +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in GNU LibreDWG before 0.93. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libredwg Backports Sle +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in GNU LibreDWG 0.92. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libredwg Backports Sle +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libredwg +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in GNU LibreDWG 0.92. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in GNU LibreDWG before 0.93. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libredwg Backports Sle +1
NVD GitHub
EPSS 4% CVSS 7.2
HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow RCE +2
NVD GitHub
EPSS 4% CVSS 7.2
HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +2
NVD GitHub
Prev Page 7 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy