Skip to main content

Leap

1763 CVEs product

Monthly

CVE-2019-15692 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.8%
CVE-2019-15691 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.7%
CVE-2019-19966 MEDIUM POC This Month

In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel +12
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2019-19965 MEDIUM POC This Month

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +14
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2019-19925 HIGH PATCH This Week

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Sqlite Sinec Infrastructure Network Services Mysql Workbench Debian Linux +7
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-19923 HIGH PATCH This Week

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Sinec Infrastructure Network Services Mysql Workbench +8
NVD GitHub
CVSS 3.1
7.5
EPSS
6.8%
CVE-2019-19953 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Graphicsmagick Debian Linux Backports +1
NVD
CVSS 3.1
9.1
EPSS
2.8%
CVE-2019-19951 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Graphicsmagick Debian Linux Backports +1
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-19950 CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Graphicsmagick Debian Linux +2
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-19949 CRITICAL POC Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2019-19948 CRITICAL PATCH Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-12418 Maven HIGH PATCH This Week

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration. Rated high severity (CVSS 7.0).

Tomcat Information Disclosure Apache Debian Linux Workload Manager +3
NVD
CVSS 3.1
7.0
EPSS
1.2%
CVE-2019-17563 Maven HIGH PATCH This Week

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Session Fixation Tomcat Information Disclosure Apache Debian Linux +9
NVD
CVSS 3.1
7.5
EPSS
10.7%
CVE-2019-18391 MEDIUM PATCH This Month

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Memory Corruption Virglrenderer Leap +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-18390 HIGH PATCH This Week

An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Information Disclosure Virglrenderer Leap +2
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2019-18389 HIGH PATCH This Week

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE Memory Corruption Virglrenderer +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-18388 MEDIUM PATCH This Month

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Virglrenderer Leap Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-11050 MEDIUM POC This Month

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
7.6%
CVE-2019-11046 MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

PHP Buffer Overflow Microsoft Information Disclosure Debian Linux +4
NVD
CVSS 3.1
5.3
EPSS
4.1%
CVE-2019-11045 MEDIUM POC This Month

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure Fedora Debian Linux Leap +2
NVD
CVSS 3.1
5.9
EPSS
8.8%
CVE-2019-19926 HIGH PATCH This Week

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Sinec Infrastructure Network Services Mysql Workbench +8
NVD GitHub
CVSS 3.1
7.5
EPSS
7.0%
CVE-2019-19918 HIGH POC This Week

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Lout Backports Sle Fedora +1
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2019-19917 HIGH POC This Week

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lout Backports Sle Leap Fedora
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2019-17571 Maven CRITICAL PATCH GHSA Act Now

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8%.

Deserialization RCE Log4J Debian Linux Ubuntu Linux +14
NVD VulDB
CVSS 3.1
9.8
EPSS
33.8%
CVE-2019-16782 Ruby MEDIUM PATCH This Month

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Rack Fedora Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
3.7%
CVE-2019-19880 HIGH PATCH This Week

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite Cloud Backup Debian Linux +8
NVD GitHub
CVSS 3.1
7.5
EPSS
6.9%
CVE-2019-16779 Ruby MEDIUM PATCH This Month

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Excon Backports Sle Leap Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
1.4%
CVE-2019-16777 npm MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal npm Leap Graalvm +3
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2019-16776 npm HIGH PATCH This Week

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal npm Leap Graalvm +3
NVD GitHub
CVSS 3.1
8.1
EPSS
3.3%
CVE-2019-16775 npm MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Node.js Enterprise Linux Enterprise Linux Eus npm +3
NVD GitHub
CVSS 3.1
6.5
EPSS
3.3%
CVE-2019-17358 HIGH POC This Week

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Deserialization Cacti Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
3.0%
CVE-2019-19583 HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-19604 HIGH POC This Week

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Debian Linux Fedora Leap
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2019-14889 HIGH PATCH This Week

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Libssh Ubuntu Linux Leap Fedora +2
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2019-14870 MEDIUM This Month

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Fedora Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
5.4
EPSS
2.8%
CVE-2019-14861 MEDIUM This Month

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba Fedora Ubuntu Linux Leap +1
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2019-1551 MEDIUM PATCH This Month

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Buffer Overflow Leap Enterprise Manager Ops Center +6
NVD
CVSS 3.1
5.3
EPSS
14.3%
CVE-2019-3690 HIGH This Week

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Leap
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-19553 HIGH This Week

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Leap Solaris Zfs Storage Appliance +1
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2019-5164 HIGH POC This Week

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation RCE Shadowsocks Libev Backports Sle +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-5163 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Shadowsocks Libev Backports Leap
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2019-13456 MEDIUM POC PATCH This Month

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeradius Enterprise Linux Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-19536 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Leap
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19535 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-19531 MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2019-19530 MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19527 MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2019-19526 MEDIUM PATCH This Month

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19525 MEDIUM PATCH This Month

In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-19523 MEDIUM PATCH This Month

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2019-19462 MEDIUM PATCH This Month

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Active Iq Unified Manager +7
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-19451 MEDIUM This Month

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Dia Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-14895 CRITICAL PATCH Act Now

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +5
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2019-19318 MEDIUM POC This Month

In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +13
NVD GitHub
CVSS 3.1
4.4
EPSS
0.6%
CVE-2019-19319 MEDIUM POC This Month

In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Linux Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2019-18660 MEDIUM PATCH This Month

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Ubuntu Linux Fedora +2
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2019-16255 HIGH POC PATCH This Week

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection RCE Ruby Debian Linux Leap +1
NVD
CVSS 3.1
8.1
EPSS
4.2%
CVE-2019-12526 CRITICAL Act Now

An issue was discovered in Squid before 4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Squid Ubuntu Linux Fedora +2
NVD
CVSS 3.1
9.8
EPSS
20.3%
CVE-2019-12523 CRITICAL Act Now

An issue was discovered in Squid before 4.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Squid Ubuntu Linux Fedora Leap +1
NVD
CVSS 3.1
9.1
EPSS
4.3%
CVE-2019-14856 PyPI MEDIUM PATCH This Month

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ansible Backports Sle Leap Openstack
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2019-13720 HIGH POC KEV THREAT This Week

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Use After Free Memory Corruption Chrome +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.0%
CVE-2019-10214 Go MEDIUM PATCH This Month

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Red Hat Buildah Libpod Openshift Container Platform +3
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2019-18622 PHP CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin Backports Sle Fedora Leap
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2019-10206 PyPI MEDIUM PATCH This Month

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Debian Linux Backports Sle Leap
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-18934 HIGH POC PATCH This Week

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Unbound Fedora Leap
NVD GitHub
CVSS 3.1
7.3
EPSS
3.2%
CVE-2019-19083 MEDIUM PATCH This Month

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 4.7).

Denial Of Service Linux Amd Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-19082 MEDIUM PATCH This Month

Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 4.7).

Denial Of Service Linux Amd Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2019-19081 MEDIUM PATCH This Month

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Linux Linux Kernel Leap Enterprise Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
3.3%
CVE-2019-19080 MEDIUM PATCH This Month

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Linux Linux Kernel Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
2.8%
CVE-2019-19077 MEDIUM PATCH This Month

A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-19073 MEDIUM PATCH This Month

Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Leap
NVD GitHub
CVSS 3.1
4.0
EPSS
0.5%
CVE-2019-19068 MEDIUM PATCH This Month

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +3
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-19067 MEDIUM PATCH This Month

Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Amd Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-19066 MEDIUM PATCH This Month

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +3
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-19065 MEDIUM PATCH This Month

A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2019-19063 MEDIUM PATCH This Month

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Sd Wan Edge Ubuntu Linux +15
NVD GitHub
CVSS 3.1
4.6
EPSS
0.9%
CVE-2019-19062 MEDIUM PATCH This Month

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +3
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2019-19060 HIGH PATCH This Week

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Active Iq Unified Manager Aff Baseboard Management Controller +13
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-19058 MEDIUM PATCH This Month

A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Intel Linux Kernel Ubuntu Linux +2
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2019-19057 LOW PATCH Monitor

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +15
NVD GitHub
CVSS 3.1
3.3
EPSS
0.8%
CVE-2019-19056 MEDIUM PATCH This Month

A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2019-19054 MEDIUM PATCH This Month

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel Ubuntu Linux Fedora +14
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2019-19052 HIGH PATCH This Week

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Sd Wan Edge Ubuntu Linux +15
NVD GitHub
CVSS 3.1
7.5
EPSS
5.4%
CVE-2019-19051 MEDIUM PATCH This Month

A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-19049 HIGH PATCH This Week

A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2019-19046 MEDIUM PATCH This Month

A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-19045 MEDIUM PATCH This Month

A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
4.4
EPSS
0.6%
CVE-2019-14869 HIGH PATCH This Week

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Fedora Leap
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2019-11139 MEDIUM This Month

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Debian Linux Leap Xeon 8153 Firmware +56
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2019-11135 MEDIUM PATCH This Month

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Leap Fedora Slackware Apollo 4200 Firmware +156
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
EPSS 5% CVSS 7.2
HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE +2
NVD GitHub
EPSS 5% CVSS 7.2
HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Tigervnc Leap
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM POC This Month

In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux +14
NVD
EPSS 1% CVSS 4.7
MEDIUM POC This Month

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux +16
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Sqlite Sinec Infrastructure Network Services +9
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite +10
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buffer over-read in the function EncodeImage of coders/pict.c. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Graphicsmagick +3
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buffer overflow in the function ImportRLEPixels of coders/miff.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Graphicsmagick +3
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +4
NVD
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration. Rated high severity (CVSS 7.0).

Tomcat Information Disclosure Apache +5
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Session Fixation Tomcat Information Disclosure +11
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An out-of-bounds read in the vrend_blit_need_swizzle function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_BLIT commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Buffer Overflow Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow RCE +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via malformed commands. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Virglrenderer +2
NVD
EPSS 8% CVSS 6.5
MEDIUM POC This Month

When PHP EXIF extension is parsing EXIF information from an image, e.g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Information Disclosure +5
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

PHP Buffer Overflow Microsoft +6
NVD
EPSS 9% CVSS 5.9
MEDIUM POC This Month

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure Fedora +4
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite +10
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Lout +3
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lout Backports Sle +2
NVD
EPSS 34% CVSS 9.8
CRITICAL PATCH Act Now

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 33.8%.

Deserialization RCE Log4J +16
NVD VulDB
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Rack Fedora +1
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Sqlite +10
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Excon Backports Sle +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal npm +5
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal npm +5
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Node.js Enterprise Linux +5
NVD GitHub
EPSS 3% CVSS 8.1
HIGH POC This Week

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow Deserialization +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 4% CVSS 7.8
HIGH POC This Week

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Debian Linux +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Libssh Ubuntu Linux +4
NVD
EPSS 3% CVSS 5.4
MEDIUM This Month

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Fedora +3
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba Fedora +3
NVD
EPSS 14% CVSS 5.3
MEDIUM PATCH This Month

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Buffer Overflow +8
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Leap
NVD
EPSS 4% CVSS 7.5
HIGH This Week

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Leap +3
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation RCE +3
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Shadowsocks Libev Backports +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Freeradius Enterprise Linux +1
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Dia Fedora +1
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Linux +7
NVD
EPSS 1% CVSS 4.4
MEDIUM POC This Month

In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Information Disclosure +15
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Use After Free Linux +4
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +4
NVD
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection RCE Ruby +3
NVD
EPSS 20% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Squid before 4.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Squid +4
NVD
EPSS 4% CVSS 9.1
CRITICAL Act Now

An issue was discovered in Squid before 4.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Squid Ubuntu Linux +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ansible Backports Sle +2
NVD
EPSS 73% CVSS 8.8
HIGH POC KEV THREAT This Week

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Use After Free +3
NVD Exploit-DB
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Red Hat Buildah +5
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in phpMyAdmin before 4.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Phpmyadmin Backports Sle +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Debian Linux +2
NVD
EPSS 3% CVSS 7.3
HIGH POC PATCH This Week

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Unbound +2
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 4.7).

Denial Of Service Linux Amd +3
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). Rated medium severity (CVSS 4.7).

Denial Of Service Linux Amd +3
NVD GitHub
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +5
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Amd +3
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel +5
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel +5
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +15
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Intel +4
NVD GitHub
EPSS 1% CVSS 3.3
LOW PATCH Monitor

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel +4
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Linux Kernel +16
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +3
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER`. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ghostscript Fedora +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Debian Linux +58
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Leap Fedora +158
NVD VulDB
Prev Page 8 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy