Skip to main content

Openstack Cloud

28 CVEs product

Monthly

CVE-2022-27239 HIGH PATCH This Week

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Cifs Utils Debian Linux Caas Platform +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-6556 LOW PATCH Monitor

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Ubuntu Linux Lxc Caas Platform Openstack Cloud +2
NVD
CVSS 3.0
3.3
EPSS
0.3%
CVE-2018-1000603 Maven HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Openstack Cloud
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-13088 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-13087 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame,. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2017-13086 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2017-13084 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
6.8
EPSS
1.2%
CVE-2017-13082 HIGH POC This Week

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD GitHub
CVSS 3.0
8.1
EPSS
0.7%
CVE-2017-13081 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2017-13080 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2017-13079 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2017-13078 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
5.3
EPSS
0.7%
CVE-2017-13077 MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Freebsd Leap +8
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2015-5300 HIGH PATCH Act Now

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.8%.

Denial Of Service Fedora Linux Enterprise Debuginfo Leap Opensuse +16
NVD
CVSS 3.0
7.5
EPSS
36.8%
CVE-2015-5219 HIGH PATCH This Week

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo Linux Enterprise Server Manager +13
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2015-5194 HIGH PATCH This Week

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo Linux Enterprise Server Manager +9
NVD GitHub
CVSS 3.0
7.5
EPSS
8.4%
CVE-2017-7995 LOW Monitor

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Manager Manager Proxy Openstack Cloud +2
NVD
CVSS 3.0
3.8
EPSS
0.1%
CVE-2016-4957 HIGH PATCH Act Now

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 59.1%.

Denial Of Service Null Pointer Dereference Ntp Solaris Manager Proxy +6
NVD
CVSS 3.1
7.5
EPSS
59.1%
CVE-2016-4956 MEDIUM This Month

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Solaris Manager Proxy Openstack Cloud +6
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2016-4955 MEDIUM PATCH This Month

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Ntp Solaris Manager Proxy +7
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2016-4954 HIGH PATCH This Week

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Denial Of Service Ntp Solaris Manager +9
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-4953 HIGH PATCH Act Now

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Authentication Bypass Ntp Solaris Manager +9
NVD
CVSS 3.1
7.5
EPSS
13.6%
CVE-2016-0264 MEDIUM This Month

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 12.9% and no vendor patch available.

IBM RCE Buffer Overflow Java Linux Enterprise Server +12
NVD
CVSS 3.1
5.6
EPSS
12.9%
CVE-2016-2324 CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
22.1%
CVE-2016-2315 CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
17.7%
CVE-2016-1286 HIGH Act Now

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.6% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo Manager Manager Proxy +10
NVD
CVSS 3.1
8.6
EPSS
53.6%
CVE-2016-1285 MEDIUM This Month

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 69.0% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo Manager Manager Proxy +10
NVD
CVSS 3.1
6.8
EPSS
69.0%
CVE-2015-3281 MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy Ubuntu Linux Openstack Cloud +8
NVD
CVSS 2.0
5.0
EPSS
0.1%
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Cifs Utils +18
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Ubuntu Linux Lxc +4
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame,. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay,. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +10
NVD
EPSS 37% CVSS 7.5
HIGH PATCH Act Now

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.8%.

Denial Of Service Fedora Linux Enterprise Debuginfo +18
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo +15
NVD GitHub
EPSS 8% CVSS 7.5
HIGH PATCH This Week

The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fedora Linux Enterprise Debuginfo +11
NVD GitHub
EPSS 0% CVSS 3.8
LOW Monitor

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Manager +4
NVD
EPSS 59% CVSS 7.5
HIGH PATCH Act Now

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 59.1%.

Denial Of Service Null Pointer Dereference Ntp +8
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Solaris +8
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Ntp +9
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Denial Of Service Ntp +11
NVD
EPSS 14% CVSS 7.5
HIGH PATCH Act Now

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Authentication Bypass Ntp +11
NVD
EPSS 13% CVSS 5.6
MEDIUM This Month

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 12.9% and no vendor patch available.

IBM RCE Buffer Overflow +14
NVD
EPSS 22% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo +7
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo +7
NVD GitHub
EPSS 54% CVSS 8.6
HIGH Act Now

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.6% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo +12
NVD
EPSS 69% CVSS 6.8
MEDIUM This Month

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 69.0% and no vendor patch available.

Denial Of Service Bind Linux Enterprise Debuginfo +12
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy