Skip to main content

Opensuse

1196 CVEs product

Monthly

CVE-2016-1254 HIGH PATCH This Week

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tor Debian Linux Fedora +2
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2014-4616 PyPI MEDIUM POC PATCH This Month

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Python Simplejson Opensuse
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2014-3462 HIGH This Week

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse Encfs
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2015-5203 MEDIUM This Month

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fedora Leap Opensuse Jasper
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2015-5221 MEDIUM PATCH This Month

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Fedora Leap +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-5300 HIGH PATCH Act Now

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.8%.

Denial Of Service Fedora Linux Enterprise Debuginfo Leap Opensuse +16
NVD
CVSS 3.0
7.5
EPSS
36.8%
CVE-2014-8127 MEDIUM This Month

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libtiff Opensuse
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2016-9843 CRITICAL Act Now

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

Information Disclosure Zlib Leap Opensuse Debian Linux +20
NVD GitHub
CVSS 3.1
9.8
EPSS
15.1%
CVE-2016-9842 HIGH PATCH Act Now

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.1%.

Information Disclosure Zlib Leap Opensuse Debian Linux +15
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
12.1%
CVE-2016-9841 CRITICAL Act Now

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5% and no vendor patch available.

Information Disclosure Zlib Leap Opensuse Debian Linux +35
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
13.5%
CVE-2016-9840 HIGH PATCH Act Now

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.0%.

Information Disclosure Boost Zlib Leap Opensuse +16
NVD GitHub
CVSS 3.1
8.8
EPSS
10.0%
CVE-2016-5178 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Leap Opensuse +4
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2016-5177 HIGH This Week

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Google Use After Free Chrome +6
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2016-2347 HIGH POC PATCH This Week

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Leap Opensuse Debian Linux +1
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2015-8567 HIGH PATCH This Week

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Ubuntu Linux Debian Linux Linux Enterprise Debuginfo +6
NVD
CVSS 3.1
7.7
EPSS
3.5%
CVE-2016-4068 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2015-8864 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse Roundcube Webmail Webmail
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-9959 HIGH POC PATCH This Week

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Leap Opensuse Linux Enterprise +5
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-9958 HIGH POC PATCH This Week

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Leap Opensuse Linux Enterprise Linux Enterprise Desktop +4
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-9957 HIGH POC PATCH This Week

Stack-based buffer overflow in game-music-emu before 0.6.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Leap Opensuse Linux Enterprise Linux Enterprise Desktop +4
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2014-9114 HIGH PATCH This Week

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Opensuse Fedora Util Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2014-9851 HIGH PATCH This Week

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2014-9850 HIGH PATCH This Week

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9849 HIGH PATCH This Week

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9848 HIGH PATCH This Week

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse Suse Linux Enterprise Desktop Suse Linux Enterprise Server +5
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2014-9847 CRITICAL PATCH Act Now

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Studio Onsite Opensuse Leap Suse Linux Enterprise Debuginfo +6
NVD
CVSS 3.0
9.8
EPSS
5.8%
CVE-2014-9846 CRITICAL PATCH Act Now

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Studio Onsite Leap Opensuse Suse Linux Enterprise Debuginfo +6
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2014-9845 MEDIUM PATCH This Month

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Studio Onsite Leap Opensuse +7
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2014-9844 MEDIUM PATCH This Month

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Studio Onsite Opensuse +8
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2014-9843 CRITICAL PATCH Act Now

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2014-9842 HIGH PATCH This Week

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +5
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2014-9841 CRITICAL PATCH Act Now

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensuse Leap Suse Linux Enterprise Desktop Suse Linux Enterprise Server +4
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2014-9854 HIGH PATCH This Week

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap Opensuse Linux Enterprise Server +3
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2014-9853 MEDIUM PATCH This Month

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Debuginfo Leap Opensuse +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2014-9852 CRITICAL PATCH Act Now

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Opensuse Linux Enterprise Desktop Linux Enterprise Server +3
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2016-7972 HIGH PATCH This Week

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse Fedora Libass
NVD GitHub
CVSS 3.0
7.5
EPSS
3.1%
CVE-2016-7969 HIGH PATCH This Week

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Leap Opensuse +2
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2016-9830 MEDIUM PATCH This Month

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-8677 HIGH PATCH This Week

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Opensuse Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2016-8866 HIGH POC PATCH This Week

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Leap Opensuse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2016-8693 HIGH POC PATCH This Week

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Jasper Opensuse Fedora
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2016-8684 HIGH PATCH This Week

The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Graphicsmagick Opensuse Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2016-8683 HIGH PATCH This Week

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Graphicsmagick Opensuse Debian Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-8682 HIGH PATCH This Week

The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Graphicsmagick Opensuse +1
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2016-7800 HIGH This Week

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick Leap Opensuse +1
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2016-7449 HIGH This Week

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Graphicsmagick Debian Linux +2
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2016-7448 HIGH This Week

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
7.5
EPSS
4.1%
CVE-2016-7447 CRITICAL Act Now

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2016-7446 CRITICAL Act Now

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2016-8569 MEDIUM PATCH This Month

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2 Fedora Leap +2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-8568 MEDIUM PATCH This Month

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Fedora Leap +3
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-5241 MEDIUM PATCH This Month

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux Leap Opensuse
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-2318 MEDIUM This Month

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Graphicsmagick Debian Linux Linux Enterprise Debuginfo +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-2317 MEDIUM This Month

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick Debian Linux Linux Enterprise Debuginfo +4
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-7976 MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo Manager Manager Proxy +6
NVD VulDB
CVSS 3.0
4.3
EPSS
3.2%
CVE-2016-9453 HIGH This Week

The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service RCE Libtiff +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-9448 HIGH This Week

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff Opensuse
NVD VulDB
CVSS 3.0
7.5
EPSS
2.1%
CVE-2016-5323 HIGH This Week

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtiff Opensuse
NVD VulDB
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-5321 MEDIUM This Month

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Opensuse Libtiff
NVD VulDB
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-5317 MEDIUM This Month

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff Opensuse Leap
NVD VulDB
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-5316 MEDIUM This Month

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libtiff Opensuse Leap
NVD VulDB
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-7787 MEDIUM PATCH This Month

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kde Cli Tools Leap Opensuse
NVD
CVSS 3.0
4.9
EPSS
0.5%
CVE-2016-9427 CRITICAL PATCH Act Now

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Bdwgc Debian Linux +2
NVD GitHub
CVSS 3.1
9.8
EPSS
3.1%
CVE-2016-6323 HIGH This Week

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Glibc Opensuse Fedora
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-6905 MEDIUM PATCH This Month

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Libgd Leap +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2013-4118 HIGH PATCH This Week

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp Leap Opensuse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2016-6352 HIGH POC This Week

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Ubuntu Linux Gdk Pixbuf +2
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-3623 HIGH POC This Week

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Opensuse
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2016-6172 MEDIUM PATCH This Month

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Leap Opensuse Authoritative Server
NVD GitHub
CVSS 3.0
6.8
EPSS
0.0%
CVE-2016-4303 CRITICAL POC PATCH Act Now

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Iperf3 Suse Package Hub For Suse Linux Enterprise +3
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
CVE-2016-6265 MEDIUM POC This Month

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Mupdf Leap +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-6262 HIGH PATCH This Week

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libidn Ubuntu Linux Leap +1
NVD
CVSS 3.0
7.5
EPSS
4.7%
CVE-2015-8948 HIGH PATCH This Week

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Leap Opensuse Ubuntu Linux +1
NVD
CVSS 3.0
7.5
EPSS
4.1%
CVE-2016-6855 HIGH POC PATCH This Week

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Buffer Overflow Fedora Leap +3
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
4.0%
CVE-2016-5421 HIGH PATCH This Week

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Leap Libcurl +4
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2016-5772 CRITICAL POC PATCH THREAT Act Now

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.9%.

RCE PHP Denial Of Service Linux Enterprise Debuginfo Leap +4
NVD GitHub
CVSS 3.1
9.8
EPSS
15.9%
CVE-2016-5771 CRITICAL POC PATCH Act Now

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Deserialization Denial Of Service Use After Free PHP +4
NVD GitHub
CVSS 3.1
9.8
EPSS
9.6%
CVE-2016-5770 CRITICAL POC PATCH THREAT Act Now

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Integer Overflow Denial Of Service PHP Leap Opensuse +1
NVD GitHub
CVSS 3.1
9.8
EPSS
10.1%
CVE-2016-3992 MEDIUM This Month

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cronic Debian Linux Leap Opensuse
NVD
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-5131 HIGH This Week

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service Use After Free Chrome +13
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2016-5387 HIGH PATCH Act Now

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.3%.

Information Disclosure Apache Http Server System Management Homepage Communications User Data Repository +18
NVD
CVSS 3.1
8.1
EPSS
60.3%
CVE-2016-3100 HIGH This Week

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse Kde Frameworks
NVD
CVSS 3.0
8.4
EPSS
0.0%
CVE-2016-5099 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin Opensuse
NVD GitHub
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-5098 MEDIUM PATCH This Month

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Phpmyadmin Opensuse
NVD GitHub
CVSS 3.0
5.3
EPSS
0.5%
CVE-2016-5097 MEDIUM PATCH This Month

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Opensuse Phpmyadmin
NVD GitHub
CVSS 3.0
5.3
EPSS
0.6%
CVE-2016-4957 HIGH PATCH Act Now

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 59.1%.

Denial Of Service Null Pointer Dereference Ntp Solaris Manager Proxy +6
NVD
CVSS 3.1
7.5
EPSS
59.1%
CVE-2016-4956 MEDIUM This Month

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Solaris Manager Proxy Openstack Cloud +6
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2016-4955 MEDIUM PATCH This Month

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Ntp Solaris Manager Proxy +7
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2016-4954 HIGH PATCH This Week

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Denial Of Service Ntp Solaris Manager +9
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2016-4953 HIGH PATCH Act Now

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Authentication Bypass Ntp Solaris Manager +9
NVD
CVSS 3.1
7.5
EPSS
13.6%
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Tor +4
NVD
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Python Simplejson +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fedora Leap +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 37% CVSS 7.5
HIGH PATCH Act Now

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 36.8%.

Denial Of Service Fedora Linux Enterprise Debuginfo +18
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 15% CVSS 9.8
CRITICAL Act Now

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

Information Disclosure Zlib Leap +22
NVD GitHub
EPSS 12% CVSS 8.8
HIGH PATCH Act Now

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.1%.

Information Disclosure Zlib Leap +17
NVD GitHub VulDB
EPSS 13% CVSS 9.8
CRITICAL Act Now

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5% and no vendor patch available.

Information Disclosure Zlib Leap +37
NVD GitHub VulDB
EPSS 10% CVSS 8.8
HIGH PATCH Act Now

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.0%.

Information Disclosure Boost Zlib +18
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Google +8
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Leap +3
NVD GitHub
EPSS 4% CVSS 7.7
HIGH PATCH This Week

Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Ubuntu Linux +8
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse +2
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Leap Opensuse +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Leap +7
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Leap Opensuse +6
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Stack-based buffer overflow in game-music-emu before 0.6.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Leap Opensuse +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Opensuse +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensuse Leap +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse +7
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Studio Onsite Opensuse +8
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Studio Onsite Leap +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Studio Onsite +9
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +10
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Opensuse Leap +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opensuse Leap +7
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to "throwing of exceptions.". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensuse Leap +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Leap +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Linux Enterprise Debuginfo +8
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Opensuse +5
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap Opensuse +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Opensuse +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Leap +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Jasper +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Graphicsmagick Opensuse +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Graphicsmagick Opensuse +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an "unterminated" string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +4
NVD
EPSS 4% CVSS 7.5
HIGH This Week

The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Graphicsmagick Debian Linux +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libgit2 +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Graphicsmagick Debian Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Graphicsmagick +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Graphicsmagick +6
NVD
EPSS 3% CVSS 4.3
MEDIUM This Month

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ntp Linux Enterprise Debuginfo +8
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service +4
NVD VulDB
EPSS 2% CVSS 7.5
HIGH This Week

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff +1
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtiff Opensuse
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Opensuse +1
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff +2
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libtiff +2
NVD VulDB
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Kde Cli Tools +2
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Glibc +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Freerdp +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via crafted dimensions in an ICO file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +4
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Opensuse
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Leap Opensuse +1
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libidn +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Leap +3
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Buffer Overflow +5
NVD Exploit-DB
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free +6
NVD
EPSS 16% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.9%.

RCE PHP Denial Of Service +6
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL POC PATCH Act Now

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Deserialization Denial Of Service +6
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.1%.

Integer Overflow Denial Of Service PHP +3
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM This Month

cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cronic Debian Linux +2
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Denial Of Service +15
NVD
EPSS 60% CVSS 8.1
HIGH PATCH Act Now

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 60.3%.

Information Disclosure Apache Http Server +20
NVD
EPSS 0% CVSS 8.4
HIGH This Week

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Leap Opensuse +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyadmin Opensuse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prerelease allows remote attackers to determine the existence of arbitrary files by triggering an error. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Phpmyadmin +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Opensuse Phpmyadmin
NVD GitHub
EPSS 59% CVSS 7.5
HIGH PATCH Act Now

ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 59.1%.

Denial Of Service Null Pointer Dereference Ntp +8
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntp Solaris +8
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Ntp +9
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Denial Of Service Ntp +11
NVD
EPSS 14% CVSS 7.5
HIGH PATCH Act Now

ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Authentication Bypass Ntp +11
NVD
Page 1 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy