Skip to main content

Linux Enterprise Server

328 CVEs product

Monthly

CVE-2015-2696 HIGH PATCH This Week

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Kerberos 5 Leap Opensuse Linux Enterprise Desktop +4
NVD GitHub
CVSS 2.0
7.1
EPSS
8.3%
CVE-2015-2695 MEDIUM PATCH This Month

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Kerberos 5 Solaris Ubuntu Linux Debian Linux +5
NVD GitHub
CVSS 2.0
5.0
EPSS
5.4%
CVE-2015-6855 HIGH This Week

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux Fedora Linux Enterprise Desktop +3
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2015-4830 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security :. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +14
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-1781 MEDIUM This Month

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Debuginfo Linux Enterprise Desktop +4
NVD
CVSS 2.0
6.8
EPSS
7.3%
CVE-2015-5165 CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora Linux Enterprise Debuginfo Linux Enterprise Server +20
NVD
CVSS 2.0
9.3
EPSS
13.2%
CVE-2015-5154 HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen Linux Enterprise Debuginfo Linux Enterprise Desktop +5
NVD
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-1283 MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Chrome +12
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-2738 CRITICAL Act Now

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Linux Enterprise Desktop Linux Enterprise Server +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2737 CRITICAL Act Now

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Ubuntu Linux +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-2734 CRITICAL Act Now

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +7
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2015-3209 HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE Qemu Junos Space +16
NVD
CVSS 2.0
7.5
EPSS
20.6%
CVE-2015-4106 MEDIUM This Month

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Qemu Debian Linux Fedora +5
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2576 LOW PATCH Monitor

Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Oracle Information Disclosure Microsoft Linux Enterprise Desktop Linux Enterprise Server +2
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-2575 Maven MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Information Disclosure Oracle Debian Linux Linux Enterprise Desktop Linux Enterprise Server +2
NVD
CVSS 2.0
4.9
EPSS
1.8%
CVE-2015-2573 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris MySQL MariaDB +11
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-2571 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Debian Linux +11
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-2568 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security :. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Communications Policy Management MySQL +12
NVD
CVSS 2.0
5.0
EPSS
4.0%
CVE-2015-0505 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +11
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-0501 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Junos Space MySQL Debian Linux +11
NVD
CVSS 2.0
5.7
EPSS
1.7%
CVE-2015-0499 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Debian Linux +11
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-0492 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle Opensuse Linux Enterprise Server +3
NVD
CVSS 2.0
9.3
EPSS
2.0%
CVE-2015-0484 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +3
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2015-0441 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Debian Linux Ubuntu Linux +10
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-0433 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Communications Policy Management MySQL Solaris +12
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-6501 MEDIUM This Month

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

PHP Code Injection Linux Enterprise Server
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-8160 MEDIUM PATCH This Month

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Linux Authentication Bypass Linux Kernel Opensuse Linux Enterprise Desktop +12
NVD GitHub
CVSS 2.0
5.0
EPSS
2.9%
CVE-2015-0432 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Ubuntu Linux Debian Linux +11
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-0391 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Enterprise Linux Desktop Enterprise Linux Eus +9
NVD
CVSS 2.0
4.0
EPSS
3.1%
CVE-2015-0382 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management Solaris MySQL +14
NVD
CVSS 2.0
4.3
EPSS
15.2%
CVE-2015-0381 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris MySQL Ubuntu Linux +14
NVD
CVSS 2.0
4.3
EPSS
5.0%
CVE-2015-0374 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux Debian Linux Fedora +13
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6568 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Eus +13
NVD
CVSS 2.0
3.5
EPSS
2.9%
CVE-2014-9585 LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +16
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-9584 LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +15
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-7815 MEDIUM This Month

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +7
NVD
CVSS 2.0
5.0
EPSS
5.2%
CVE-2014-0223 MEDIUM POC PATCH This Month

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Linux Enterprise Server Qemu
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0222 HIGH POC PATCH This Week

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Linux Enterprise Server Qemu
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-6564 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Linux Enterprise Desktop Linux Enterprise Server +3
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2014-6559 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space MariaDB Solaris +5
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-6555 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MariaDB MySQL Linux Enterprise Desktop +3
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2014-6551 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +4
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6530 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +4
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6520 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Linux Enterprise Desktop Linux Enterprise Server +3
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-6507 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB Solaris MySQL +4
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-6505 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Linux Enterprise Desktop Linux Enterprise Server +3
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-6496 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space Solaris MariaDB +5
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6495 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL Solaris Junos Space +5
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-6494 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB Solaris Junos Space +5
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-6484 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Linux Enterprise Desktop Linux Enterprise Server +3
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-6478 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space MySQL Solaris +5
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6474 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL MariaDB Linux Enterprise Desktop +3
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-6469 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MariaDB MySQL Solaris +4
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2014-6464 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Linux Enterprise Desktop Linux Enterprise Server +3
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2014-6463 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL Linux Enterprise Desktop +4
NVD
CVSS 2.0
3.3
EPSS
0.6%
CVE-2014-4287 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Linux Enterprise Desktop Linux Enterprise Server +3
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-3601 MEDIUM POC PATCH This Month

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1). Rated medium severity (CVSS 4.3). Public exploit code available.

Denial Of Service Linux Buffer Overflow Linux Enterprise Real Time Extension Evergreen +4
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5077 HIGH PATCH Act Now

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 12.8%.

Denial Of Service Linux Null Pointer Dereference Microsoft Linux Kernel +7
NVD GitHub
CVSS 2.0
7.1
EPSS
12.8%
CVE-2014-4943 MEDIUM POC PATCH This Month

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. Rated medium severity (CVSS 6.9). Public exploit code available.

Privilege Escalation Linux Linux Kernel Opensuse Linux Enterprise Desktop +3
NVD Exploit-DB GitHub
CVSS 2.0
6.9
EPSS
1.0%
CVE-2014-4260 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Debian Linux +5
NVD
CVSS 2.0
5.5
EPSS
0.5%
CVE-2014-4258 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Vcenter Server Appliance Solaris +9
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-4243 LOW Monitor

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris MySQL MariaDB +3
NVD
CVSS 2.0
2.8
EPSS
0.7%
CVE-2014-4214 LOW Monitor

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop Linux Enterprise Server MySQL
NVD
CVSS 2.0
3.3
EPSS
1.1%
CVE-2014-4207 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +4
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2014-2494 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Linux Enterprise Desktop Linux Enterprise Server +4
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-2484 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Linux Enterprise Desktop Linux Enterprise Server
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-4667 MEDIUM PATCH This Month

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.1%.

Denial Of Service Linux Linux Kernel Linux Enterprise Desktop Linux Enterprise Real Time Extension +3
NVD GitHub
CVSS 2.0
5.0
EPSS
14.1%
CVE-2014-4656 MEDIUM PATCH This Month

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel Linux Enterprise Server +7
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4655 MEDIUM PATCH This Month

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Linux Linux Kernel Linux Enterprise Server +1
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-4654 MEDIUM PATCH This Month

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4653 MEDIUM PATCH This Month

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4652 LOW PATCH Monitor

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users. Rated low severity (CVSS 1.9).

Information Disclosure Race Condition Linux Linux Kernel Linux Enterprise Server +4
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4608 HIGH PATCH This Week

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Linux Buffer Overflow Linux Kernel +4
NVD GitHub
CVSS 3.1
7.3
EPSS
8.6%
CVE-2014-4027 LOW PATCH Monitor

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain. Rated low severity (CVSS 2.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Enterprise Linux Ubuntu Linux +23
NVD GitHub
CVSS 2.0
2.3
EPSS
0.1%
CVE-2014-4039 LOW Monitor

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Linux Server Ppc64 Diag Linux Enterprise Server
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4038 MEDIUM This Month

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Linux Enterprise Server Ppc64 Diag Enterprise Linux Server
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-3470 MEDIUM PATCH This Month

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 91.4%.

OpenSSL Denial Of Service Null Pointer Dereference Storage Fedora +8
NVD
CVSS 2.0
4.3
EPSS
91.4%
CVE-2014-0221 MEDIUM PATCH This Month

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 82.1%.

Denial Of Service OpenSSL Storage Fedora Enterprise Linux +7
NVD
CVSS 2.0
4.3
EPSS
82.1%
CVE-2014-3469 MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls Libtasn1 Virtualization +11
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-3468 HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 Virtualization Debian Linux +11
NVD
CVSS 2.0
7.5
EPSS
10.7%
CVE-2014-3467 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Libtasn1 Virtualization +12
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2014-1738 LOW Monitor

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux Eus Debian Linux +4
NVD GitHub
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-1737 HIGH This Week

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Debian Linux Linux Enterprise Desktop +4
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-0198 MEDIUM PATCH This Month

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 33.0%.

OpenSSL Denial Of Service Null Pointer Dereference MariaDB Fedora +6
NVD VulDB
CVSS 2.0
4.3
EPSS
33.0%
CVE-2014-0181 LOW PATCH Monitor

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel Evergreen Enterprise Linux Desktop +4
NVD VulDB
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-0131 LOW PATCH Monitor

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the. Rated low severity (CVSS 2.9). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Linux Use After Free Linux Kernel +2
NVD GitHub VulDB
CVSS 2.0
2.9
EPSS
0.1%
CVE-2014-2497 MEDIUM POC PATCH THREAT This Month

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.1%.

Denial Of Service PHP Null Pointer Dereference Ubuntu Linux Linux Enterprise Server +9
NVD VulDB
CVSS 2.0
4.3
EPSS
12.1%
CVE-2014-1504 LOW Monitor

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Privilege Escalation Firefox Seamonkey +5
NVD VulDB
CVSS 2.0
2.6
EPSS
0.6%
CVE-2014-1502 MEDIUM This Month

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse Linux Enterprise Desktop Linux Enterprise Server +4
NVD VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-1501 MEDIUM This Month

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Google Solaris Firefox +3
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
EPSS 8% CVSS 7.1
HIGH PATCH This Week

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Kerberos 5 Leap +6
NVD GitHub
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Kerberos 5 Solaris +7
NVD GitHub
EPSS 6% CVSS 7.5
HIGH This Week

hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux +5
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security :. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +16
NVD
EPSS 7% CVSS 6.8
MEDIUM This Month

Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow +6
NVD
EPSS 13% CVSS 9.3
CRITICAL PATCH Act Now

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.2%.

Information Disclosure Xen Fedora +22
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

RCE Buffer Overflow Xen +7
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google +14
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux +9
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +9
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop +9
NVD
EPSS 21% CVSS 7.5
HIGH Act Now

Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Memory Corruption Buffer Overflow RCE +18
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Qemu +7
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Oracle Information Disclosure Microsoft +4
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Information Disclosure Oracle Debian Linux +4
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris +13
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +13
NVD
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security :. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +14
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop +13
NVD
EPSS 2% CVSS 5.7
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Junos Space +13
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL +13
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle +5
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle +5
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +12
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Communications Policy Management +14
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

PHP Code Injection Linux Enterprise Server
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Linux Authentication Bypass Linux Kernel +14
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +13
NVD
EPSS 3% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +11
NVD
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management +16
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris +16
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +15
NVD
EPSS 3% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +15
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel +18
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +17
NVD GitHub
EPSS 5% CVSS 5.0
MEDIUM This Month

The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Qemu Debian Linux +9
NVD
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Linux Enterprise Server Qemu
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +5
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MariaDB +5
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris +6
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +6
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +5
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB +6
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL +7
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB +7
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL +5
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MariaDB +6
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +5
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +6
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +5
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1). Rated medium severity (CVSS 4.3). Public exploit code available.

Denial Of Service Linux Buffer Overflow +6
NVD GitHub
EPSS 13% CVSS 7.1
HIGH PATCH Act Now

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 12.8%.

Denial Of Service Linux Null Pointer Dereference +9
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM POC PATCH This Month

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. Rated medium severity (CVSS 6.9). Public exploit code available.

Privilege Escalation Linux Linux Kernel +5
NVD Exploit-DB GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +11
NVD
EPSS 1% CVSS 2.8
LOW Monitor

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris +5
NVD
EPSS 1% CVSS 3.3
LOW Monitor

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop +6
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +2
NVD
EPSS 14% CVSS 5.0
MEDIUM PATCH This Month

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 14.1%.

Denial Of Service Linux Linux Kernel +5
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux +9
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Linux +3
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands,. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux +4
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Linux +4
NVD GitHub
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users. Rated low severity (CVSS 1.9).

Information Disclosure Race Condition Linux +6
NVD GitHub
EPSS 9% CVSS 7.3
HIGH PATCH This Week

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Linux +6
NVD GitHub
EPSS 0% CVSS 2.3
LOW PATCH Monitor

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain. Rated low severity (CVSS 2.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +25
NVD GitHub
EPSS 0% CVSS 2.1
LOW Monitor

ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Linux Server Ppc64 Diag +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Linux Enterprise Server Ppc64 Diag +1
NVD
EPSS 91% CVSS 4.3
MEDIUM PATCH This Month

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 91.4%.

OpenSSL Denial Of Service Null Pointer Dereference +10
NVD
EPSS 82% CVSS 4.3
MEDIUM PATCH This Month

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 82.1%.

Denial Of Service OpenSSL Storage +9
NVD
EPSS 9% CVSS 5.0
MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls +13
NVD
EPSS 11% CVSS 7.5
HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 +13
NVD
EPSS 7% CVSS 5.0
MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls +14
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +6
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel +6
NVD GitHub
EPSS 33% CVSS 4.3
MEDIUM PATCH This Month

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 33.0%.

OpenSSL Denial Of Service Null Pointer Dereference +8
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel +6
NVD VulDB
EPSS 0% CVSS 2.9
LOW PATCH Monitor

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the. Rated low severity (CVSS 2.9). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Memory Corruption Linux +4
NVD GitHub VulDB
EPSS 12% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 12.1%.

Denial Of Service PHP Null Pointer Dereference +11
NVD VulDB
EPSS 1% CVSS 2.6
LOW Monitor

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Privilege Escalation +7
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse +6
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Google +5
NVD VulDB
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy