Skip to main content

Opensuse

1196 CVEs product

Monthly

CVE-2014-1705 HIGH This Week

Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Google Buffer Overflow Microsoft +3
NVD VulDB
CVSS 2.0
7.5
EPSS
3.0%
CVE-2014-2324 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Path Traversal Lighttpd Debian Linux Opensuse Linux Enterprise High Availability Extension +2
NVD VulDB
CVSS 2.0
5.0
EPSS
71.7%
Threat
4.7
CVE-2014-2323 CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.4%.

SQLi Lighttpd Debian Linux Opensuse Linux Enterprise High Availability Extension +1
NVD VulDB
CVSS 3.1
9.8
EPSS
90.4%
Threat
6.2
CVE-2014-2270 MEDIUM PATCH This Month

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Buffer Overflow File PHP Debian Linux +2
NVD GitHub VulDB
CVSS 2.0
4.3
EPSS
27.1%
CVE-2014-0467 MEDIUM This Month

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mutt Opensuse
NVD VulDB
CVSS 2.0
5.0
EPSS
1.8%
CVE-2014-1839 PyPI MEDIUM PATCH This Month

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. Rated medium severity (CVSS 4.4).

Information Disclosure Opensuse Logilab Common
NVD VulDB
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-1838 PyPI MEDIUM PATCH This Month

The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via. Rated medium severity (CVSS 4.4).

Information Disclosure Opensuse Logilab Common
NVD VulDB
CVSS 2.0
4.4
EPSS
0.0%
CVE-2014-2309 MEDIUM POC This Month

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Buffer Overflow Linux Kernel Opensuse +1
NVD VulDB
CVSS 2.0
6.1
EPSS
0.9%
CVE-2014-0081 Ruby MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rails Ruby On Rails Opensuse Cloudforms +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-2328 MEDIUM This Month

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Java Standards Based Linux Common Information Model Client Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-2191 PyPI MEDIUM PATCH This Month

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Python Bugzilla Fedora Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-0038 MEDIUM POC PATCH THREAT This Month

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted. Rated medium severity (CVSS 6.9). Public exploit code available and EPSS exploitation probability 51.5%.

Linux Information Disclosure Linux Kernel Opensuse
NVD Exploit-DB GitHub
CVSS 2.0
6.9
EPSS
51.5%
Threat
4.4
CVE-2013-6393 npm MEDIUM PATCH This Month

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service RCE Libyaml Ubuntu Linux +4
NVD
CVSS 2.0
6.8
EPSS
8.1%
CVE-2012-1095 MEDIUM This Month

osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Osc Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1491 MEDIUM POC PATCH This Month

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Mozilla Authentication Bypass Firefox Network Security Services Seamonkey +10
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-1490 CRITICAL PATCH Act Now

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Denial Of Service Mozilla Race Condition Firefox Network Security Services +11
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2014-1489 MEDIUM This Month

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Mozilla Solaris Linux Enterprise Desktop +5
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2014-1488 CRITICAL Act Now

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Seamonkey Ubuntu Linux +5
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2014-1487 HIGH POC This Week

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +14
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2014-1486 CRITICAL Act Now

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Mozilla Memory Corruption Use After Free Firefox +15
NVD
CVSS 3.1
9.8
EPSS
10.8%
CVE-2014-1485 HIGH This Week

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox Seamonkey Solaris +5
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2014-1484 MEDIUM This Month

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Google Linux Enterprise Desktop Linux Enterprise Server +4
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2014-1483 MEDIUM This Month

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla XSS Solaris Ubuntu Linux Firefox +5
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-1482 HIGH POC This Week

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Denial Of Service Buffer Overflow Memory Corruption RCE +17
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2014-1481 HIGH POC This Week

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Authentication Bypass Firefox Seamonkey Thunderbird +14
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2014-1480 MEDIUM This Month

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Opensuse Linux Enterprise Desktop Linux Enterprise Server +5
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-1479 HIGH POC This Week

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Authentication Bypass Firefox Seamonkey Thunderbird +14
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2014-1478 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow Memory Corruption RCE +5
NVD
CVSS 2.0
10.0
EPSS
1.2%
CVE-2014-1477 CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +16
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2014-0019 LOW PATCH Monitor

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the. Rated low severity (CVSS 1.9).

Buffer Overflow Denial Of Service Socat Fedora Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-6650 HIGH POC This Week

The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Google Debian Linux Chrome +1
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2013-6649 HIGH POC This Week

Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Chrome Debian Linux Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-0979 LOW Monitor

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Opensuse Lightdm Gtk Greeter
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-6425 MEDIUM PATCH This Month

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Integer Overflow Pixman Ubuntu Linux Debian Linux +7
NVD
CVSS 2.0
5.0
EPSS
3.0%
CVE-2013-6424 MEDIUM PATCH This Month

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Integer Overflow Pixman Debian Linux Opensuse +1
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2013-6646 HIGH POC PATCH This Week

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +3
NVD
CVSS 2.0
7.5
EPSS
1.8%
CVE-2013-6645 MEDIUM POC PATCH This Month

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +3
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2013-6644 HIGH POC This Week

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +3
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-6643 HIGH POC PATCH This Week

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Microsoft Authentication Bypass Chrome Opensuse +1
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2013-6641 HIGH POC PATCH This Week

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Use After Free Denial Of Service Memory Corruption Microsoft +2
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-2139 LOW Monitor

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Fedora Opensuse Libsrtp
NVD GitHub
CVSS 2.0
2.6
EPSS
1.8%
CVE-2013-3713 MEDIUM POC This Month

The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

Information Disclosure Opensuse
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2013-5211 MEDIUM POC PATCH THREAT This Month

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.1%.

Denial Of Service Opensuse Ntp Linux
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
92.1%
Threat
5.3
CVE-2013-6420 HIGH POC PATCH THREAT Act Now

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

Denial Of Service Buffer Overflow PHP OpenSSL RCE +2
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
40.2%
Threat
4.2
CVE-2013-4587 HIGH PATCH This Week

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Opensuse
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-6394 LOW PATCH Monitor

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Xtrabackup Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0348 LOW PATCH Monitor

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Sthttpd Fedora Linux Opensuse +1
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-6673 MEDIUM POC This Month

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Fedora Firefox Seamonkey +6
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2013-6672 MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Linux Enterprise Desktop Linux Enterprise Server +6
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-6671 CRITICAL POC THREAT Emergency

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Code Injection Mozilla RCE Firefox Seamonkey +14
NVD
CVSS 3.1
9.8
EPSS
10.4%
CVE-2013-5619 HIGH This Week

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Integer Overflow Opensuse Linux Enterprise Desktop +7
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-5618 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE Mozilla Memory Corruption Use After Free Firefox +15
NVD
CVSS 3.1
9.8
EPSS
10.4%
CVE-2013-5616 CRITICAL POC Act Now

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Use After Free Denial Of Service Buffer Overflow Memory Corruption +17
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2013-5615 CRITICAL POC Act Now

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +6
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2013-5614 MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Fedora +13
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5613 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.1%.

Mozilla Use After Free Denial Of Service Buffer Overflow Memory Corruption +17
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2013-5612 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Fedora +13
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-5611 MEDIUM This Month

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Solaris Fedora Ubuntu Linux +5
NVD
CVSS 2.0
5.8
EPSS
1.2%
CVE-2013-5610 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow Memory Corruption RCE +9
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2013-5609 CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +15
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2013-1090 HIGH This Week

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Opensuse
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-0427 HIGH POC This Week

yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Opensuse
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-0425 HIGH This Week

LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Opensuse
NVD
CVSS 2.0
7.8
EPSS
0.3%
CVE-2013-6712 MEDIUM PATCH This Month

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3%.

PHP Buffer Overflow Denial Of Service Mac Os X Opensuse +2
NVD
CVSS 2.0
5.0
EPSS
17.3%
CVE-2013-4509 LOW PATCH Monitor

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which. Rated low severity (CVSS 1.9).

Authentication Bypass Ibus Opensuse
NVD GitHub
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-4547 HIGH POC THREAT Act Now

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

Nginx Authentication Bypass Lifecycle Management Server Studio Onsite Webyast +1
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
90.9%
Threat
5.7
CVE-2013-0223 LOW POC Monitor

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Opensuse Enterprise Linux
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-0222 LOW Monitor

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Opensuse Enterprise Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0221 MEDIUM POC This Month

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Enterprise Linux Opensuse
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.0%
CVE-2013-6858 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-6375 HIGH This Week

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Intel Denial Of Service Xen Opensuse
NVD
CVSS 2.0
7.9
EPSS
0.6%
CVE-2013-4559 HIGH This Week

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Lighttpd Debian Linux Opensuse
NVD
CVSS 2.0
7.6
EPSS
9.5%
CVE-2013-4560 MEDIUM This Month

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Lighttpd Debian Linux +1
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2013-4487 MEDIUM POC PATCH This Month

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Gnutls Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6629 MEDIUM PATCH This Month

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Chrome Solaris Gpl Ghostscript +8
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-1418 MEDIUM PATCH This Month

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Debian Linux Opensuse
NVD GitHub
CVSS 2.0
4.3
EPSS
7.7%
CVE-2013-2061 LOW POC PATCH Monitor

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Oracle Openvpn Openvpn Access Server Opensuse
NVD GitHub
CVSS 2.0
2.6
EPSS
1.5%
CVE-2013-6621 HIGH POC This Week

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Apple Opensuse Chrome +1
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2013-4508 HIGH POC This Week

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lighttpd Debian Linux Opensuse
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2013-2065 MEDIUM POC This Month

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Opensuse Ruby
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2012-6303 MEDIUM POC THREAT This Month

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.6%.

Buffer Overflow Denial Of Service RCE Snack Sound Toolkit Wavesurfer +1
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
22.6%
CVE-2013-4885 MEDIUM POC PATCH This Month

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal Nmap Opensuse
NVD Exploit-DB GitHub
CVSS 2.0
6.8
EPSS
6.4%
CVE-2013-4365 HIGH PATCH This Week

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Mod Fcgid Debian Linux +3
NVD
CVSS 2.0
7.5
EPSS
6.7%
CVE-2013-2190 LOW POC Monitor

The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Clutter Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4389 Ruby MEDIUM POC PATCH This Month

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Rails Opensuse Debian Linux
NVD
CVSS 2.0
4.3
EPSS
1.3%
CVE-2013-2927 MEDIUM This Month

Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Debian Linux Opensuse Chrome
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2013-4344 HIGH This Week

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu Opensuse Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-4288 HIGH PATCH This Week

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Race Condition Authentication Bypass Opensuse Polkit Ubuntu Linux +1
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-2919 HIGH This Week

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Opensuse Chrome +1
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2013-0211 MEDIUM PATCH This Month

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Libarchive Ubuntu Linux Opensuse +2
NVD GitHub
CVSS 2.0
5.0
EPSS
1.2%
EPSS 3% CVSS 7.5
HIGH This Week

Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Google +5
NVD VulDB
EPSS 72% 4.7 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Path Traversal Lighttpd Debian Linux +4
NVD VulDB
EPSS 90% 6.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.4%.

SQLi Lighttpd Debian Linux +3
NVD VulDB
EPSS 27% CVSS 4.3
MEDIUM PATCH This Month

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Buffer Overflow File +4
NVD GitHub VulDB
EPSS 2% CVSS 5.0
MEDIUM This Month

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Mutt +1
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file. Rated medium severity (CVSS 4.4).

Information Disclosure Opensuse Logilab Common
NVD VulDB
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via. Rated medium severity (CVSS 4.4).

Information Disclosure Opensuse Logilab Common
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Buffer Overflow +3
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Rails Ruby On Rails +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Java Standards Based Linux Common Information Model Client +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Python Bugzilla +2
NVD
EPSS 52% 4.4 CVSS 6.9
MEDIUM POC PATCH THREAT This Month

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted. Rated medium severity (CVSS 6.9). Public exploit code available and EPSS exploitation probability 51.5%.

Linux Information Disclosure Linux Kernel +1
NVD Exploit-DB GitHub
EPSS 8% CVSS 6.8
MEDIUM PATCH This Month

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service RCE +6
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Osc Opensuse
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Mozilla Authentication Bypass Firefox +12
NVD
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Denial Of Service Mozilla Race Condition +13
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Mozilla +7
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +16
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.8% and no vendor patch available.

RCE Mozilla Memory Corruption +17
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla RCE Firefox +7
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Google +6
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla XSS Solaris +7
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Denial Of Service Buffer Overflow +19
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Authentication Bypass Firefox +16
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Opensuse +7
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Authentication Bypass Firefox +16
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow +7
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla +18
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the. Rated low severity (CVSS 1.9).

Buffer Overflow Denial Of Service Socat +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Google +3
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Use-after-free vulnerability in the RenderSVGImage::paint function in core/rendering/svg/RenderSVGImage.cpp in Blink, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Chrome +2
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Opensuse Lightdm Gtk Greeter
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Integer Overflow Pixman +9
NVD
EPSS 7% CVSS 5.0
MEDIUM PATCH This Month

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Integer Overflow Pixman +3
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Use After Free Denial Of Service +5
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/web_contents/web_contents_view_aura.cc in Google Chrome before 32.0.1700.76 on Windows and before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Google Use After Free Denial Of Service +5
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allow attackers to cause a denial of service or possibly have other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/one_click_signin_bubble_view.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Microsoft Authentication Bypass +3
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 32.0.1700.76 on Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google Use After Free Denial Of Service +4
NVD
EPSS 2% CVSS 2.6
LOW Monitor

Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Fedora +2
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC This Month

The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain. Rated medium severity (CVSS 4.4). Public exploit code available and no vendor patch available.

Information Disclosure Opensuse
NVD
EPSS 92% 5.3 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.1%.

Denial Of Service Opensuse Ntp +1
NVD Exploit-DB
EPSS 40% 4.2 CVSS 7.5
HIGH POC PATCH THREAT Act Now

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 40.2%.

Denial Of Service Buffer Overflow PHP +4
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Xtrabackup Opensuse
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Sthttpd Fedora +3
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Fedora +8
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse +8
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Emergency

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

Code Injection Mozilla RCE +16
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Integer Overflow +9
NVD
EPSS 10% CVSS 9.8
CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

RCE Mozilla Memory Corruption +17
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Use After Free Denial Of Service +19
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +8
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +15
NVD
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.1%.

Mozilla Use After Free Denial Of Service +19
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox +15
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Solaris +7
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow +11
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla +17
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Opensuse
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2). Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Opensuse
NVD
EPSS 0% CVSS 7.8
HIGH This Week

LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Opensuse
NVD
EPSS 17% CVSS 5.0
MEDIUM PATCH This Month

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3%.

PHP Buffer Overflow Denial Of Service +4
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which. Rated low severity (CVSS 1.9).

Authentication Bypass Ibus Opensuse
NVD GitHub
EPSS 91% 5.7 CVSS 7.5
HIGH POC THREAT Act Now

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.9%.

Nginx Authentication Bypass Lifecycle Management Server +3
NVD Exploit-DB
EPSS 0% CVSS 1.9
LOW POC Monitor

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i. Rated low severity (CVSS 1.9). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Opensuse +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Opensuse +1
NVD
EPSS 6% CVSS 4.3
MEDIUM POC This Month

The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Enterprise Linux +1
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse +1
NVD
EPSS 1% CVSS 7.9
HIGH This Week

Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Intel Denial Of Service +2
NVD
EPSS 10% CVSS 7.6
HIGH This Week

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Lighttpd Debian Linux +1
NVD
EPSS 7% CVSS 5.0
MEDIUM This Month

Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free +3
NVD
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Gnutls +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Chrome +10
NVD
EPSS 8% CVSS 4.3
MEDIUM PATCH This Month

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 +2
NVD GitHub
EPSS 1% CVSS 2.6
LOW POC PATCH Monitor

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Oracle Openvpn +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Apple +3
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lighttpd Debian Linux +1
NVD
EPSS 0% CVSS 6.4
MEDIUM POC This Month

(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Opensuse Ruby
NVD
EPSS 23% CVSS 6.8
MEDIUM POC THREAT This Month

Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.6%.

Buffer Overflow Denial Of Service RCE +3
NVD Exploit-DB
EPSS 6% CVSS 6.8
MEDIUM POC PATCH This Month

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Path Traversal Nmap Opensuse
NVD Exploit-DB GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption +5
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Clutter Opensuse
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Rails Opensuse +1
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Use-after-free vulnerability in the HTMLFormElement::prepareForSubmission function in core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Debian Linux +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qemu Opensuse +5
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Race Condition Authentication Bypass Opensuse +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Google V8, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google +3
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Libarchive +4
NVD GitHub
Prev Page 10 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy