Skip to main content

Linux Enterprise Debuginfo

37 CVEs product

Monthly

CVE-2019-11038 MEDIUM POC This Month

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Libgd Ubuntu Linux Debian Linux +9
NVD GitHub
CVSS 3.1
5.3
EPSS
4.3%
CVE-2017-14491 CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service RCE Dnsmasq +20
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
57.8%
Threat
5.2
CVE-2015-5300 HIGH PATCH Act Now

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.8%.

Denial Of Service Fedora Linux Enterprise Debuginfo Leap Opensuse +16
NVD
CVSS 3.0
7.5
EPSS
36.8%
CVE-2015-5219 HIGH PATCH This Week

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo Linux Enterprise Server Manager +13
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2015-5194 HIGH PATCH This Week

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo Linux Enterprise Server Manager +9
NVD GitHub
CVSS 3.0
7.5
EPSS
8.4%
CVE-2015-8567 HIGH PATCH This Week

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Ubuntu Linux Debian Linux Linux Enterprise Debuginfo +6
NVD
CVSS 3.1
7.7
EPSS
3.5%
CVE-2014-9853 MEDIUM PATCH This Month

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Debuginfo Leap Opensuse +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2016-2318 MEDIUM This Month

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Graphicsmagick Debian Linux Linux Enterprise Debuginfo +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-2317 MEDIUM This Month

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick Debian Linux Linux Enterprise Debuginfo +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-7976 MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo Manager Manager Proxy +6
NVD VulDB
CVSS 3.0
4.3
EPSS
3.2%
CVE-2016-5772 CRITICAL POC PATCH THREAT Act Now

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.9%.

RCE PHP Denial Of Service Linux Enterprise Debuginfo Leap +4
NVD GitHub
CVSS 3.1
9.8
EPSS
15.9%
CVE-2015-8808 MEDIUM This Month

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Graphicsmagick Linux Enterprise Debuginfo Studio Onsite +2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-5244 HIGH PATCH This Week

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Fedora Linux Enterprise Real Time Extension Linux Enterprise Debuginfo +8
NVD GitHub
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-5118 CRITICAL Emergency

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.8% and no vendor patch available.

RCE Graphicsmagick Linux Enterprise Debuginfo Studio Onsite Linux Enterprise Software Development Kit +10
NVD
CVSS 3.1
9.8
EPSS
31.8%
CVE-2016-0718 CRITICAL PATCH Act Now

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Firefox Mac Os X +12
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2016-2782 MEDIUM POC PATCH This Month

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Linux Enterprise Debuginfo +6
NVD GitHub Exploit-DB
CVSS 3.1
4.6
EPSS
0.5%
CVE-2016-0651 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL MariaDB Linux Enterprise Debuginfo +12
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2016-0642 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MySQL Linux Enterprise Debuginfo Leap +14
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2015-8779 CRITICAL Act Now

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Debuginfo Opensuse +8
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2015-8778 CRITICAL Act Now

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Fedora Debian Linux +8
NVD
CVSS 3.0
9.8
EPSS
5.3%
CVE-2015-8776 CRITICAL Act Now

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Enterprise Debuginfo Opensuse Linux Enterprise Desktop Linux Enterprise Server +6
NVD
CVSS 3.0
9.1
EPSS
4.3%
CVE-2014-9761 CRITICAL Act Now

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Debuginfo Opensuse +7
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2016-3630 PyPI HIGH PATCH This Week

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Fedora Leap Mercurial Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
5.2%
CVE-2016-3069 PyPI HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Mercurial Debian Linux Linux Enterprise Debuginfo Opensuse +10
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2016-3068 PyPI HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Debian Linux Mercurial Fedora Enterprise Linux Desktop +10
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2016-2324 CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
22.1%
CVE-2016-2315 CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
17.7%
CVE-2016-1286 HIGH Act Now

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.6% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo Manager Manager Proxy +10
NVD
CVSS 3.1
8.6
EPSS
53.6%
CVE-2016-1285 MEDIUM This Month

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 69.0% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo Manager Manager Proxy +10
NVD
CVSS 3.1
6.8
EPSS
69.0%
CVE-2015-7547 HIGH POC PATCH THREAT Act Now

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 94.0%.

Denial Of Service RCE Buffer Overflow Debian Linux Ubuntu Linux +28
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
94.0%
Threat
5.9
CVE-2015-0272 MEDIUM PATCH This Month

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Networkmanager Linux Enterprise Debuginfo Linux Enterprise Desktop Linux Enterprise Real Time Extension +5
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-1781 MEDIUM This Month

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Debuginfo Linux Enterprise Desktop +4
NVD
CVSS 2.0
6.8
EPSS
7.3%
CVE-2015-5165 CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora Linux Enterprise Debuginfo Linux Enterprise Server +20
NVD
CVSS 2.0
9.3
EPSS
13.2%
CVE-2015-5154 HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen Linux Enterprise Debuginfo Linux Enterprise Desktop +5
NVD
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-1283 MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Chrome +12
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-3209 HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE Qemu Junos Space +16
NVD
CVSS 2.0
7.5
EPSS
20.6%
CVE-2013-4458 MEDIUM POC PATCH This Month

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Glibc Linux Enterprise Debuginfo Linux Enterprise Server
NVD
CVSS 2.0
5.0
EPSS
1.2%
EPSS 4% CVSS 5.3
MEDIUM POC This Month

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Libgd +11
NVD GitHub
EPSS 58% 5.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow Memory Corruption Denial Of Service +22
NVD Exploit-DB
EPSS 37% CVSS 7.5
HIGH PATCH Act Now

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.8%.

Denial Of Service Fedora Linux Enterprise Debuginfo +18
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo +15
NVD GitHub
EPSS 8% CVSS 7.5
HIGH PATCH This Week

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo +11
NVD GitHub
EPSS 4% CVSS 7.7
HIGH PATCH This Week

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Ubuntu Linux +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Debuginfo +8
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Graphicsmagick +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick +6
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo +8
NVD VulDB
EPSS 16% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.9%.

RCE PHP Denial Of Service +6
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Graphicsmagick +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Fedora +10
NVD GitHub
EPSS 32% CVSS 9.8
CRITICAL Emergency

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.8% and no vendor patch available.

RCE Graphicsmagick Linux Enterprise Debuginfo +12
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +14
NVD
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference +8
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL +14
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. Rated medium severity (CVSS 4.7).

Information Disclosure Oracle MySQL +16
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +10
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +10
NVD
EPSS 4% CVSS 9.1
CRITICAL Act Now

The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Enterprise Debuginfo Opensuse +8
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +9
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Fedora Leap +5
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Mercurial Debian Linux +12
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Debian Linux Mercurial +12
NVD
EPSS 22% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo +7
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo +7
NVD GitHub
EPSS 54% CVSS 8.6
HIGH Act Now

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.6% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo +12
NVD
EPSS 69% CVSS 6.8
MEDIUM This Month

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 69.0% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo +12
NVD
EPSS 94% 5.9 CVSS 8.1
HIGH POC PATCH THREAT Act Now

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 94.0%.

Denial Of Service RCE Buffer Overflow +30
NVD Exploit-DB
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Networkmanager Linux Enterprise Debuginfo +7
NVD
EPSS 7% CVSS 6.8
MEDIUM This Month

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow +6
NVD
EPSS 13% CVSS 9.3
CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora +22
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen +7
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google +14
NVD
EPSS 21% CVSS 7.5
HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE +18
NVD
EPSS 1% CVSS 5.0
MEDIUM POC PATCH This Month

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.18 and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Glibc +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy