Skip to main content

Opensuse

1196 CVEs product

Monthly

CVE-2013-2217 PyPI LOW PATCH Monitor

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name. Rated low severity (CVSS 1.2).

Information Disclosure Suds Opensuse Enterprise Linux
NVD
CVSS 2.0
1.2
EPSS
0.1%
CVE-2013-4132 MEDIUM This Month

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kde Workspace Kde Sc Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-4123 MEDIUM POC PATCH THREAT This Month

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.9%.

Denial Of Service Squid Opensuse
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
69.9%
Threat
4.6
CVE-2013-5589 HIGH PATCH This Week

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Debian Linux Cacti Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-5588 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Cacti Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-5018 MEDIUM POC This Month

The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Strongswan Opensuse
NVD
CVSS 2.0
4.3
EPSS
2.9%
CVE-2013-4111 PyPI MEDIUM PATCH This Month

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Glanceclient Opensuse
NVD GitHub
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-3495 MEDIUM This Month

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Intel Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-2161 PyPI HIGH PATCH This Week

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Folsom Grizzly Havana +1
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-5029 MEDIUM POC PATCH This Month

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Authentication Bypass Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
1.7%
CVE-2013-4852 MEDIUM This Month

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Winscp Debian Linux +2
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-4242 LOW Monitor

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Gnupg Libgcrypt +1
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-2145 MEDIUM POC PATCH This Month

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special. Rated medium severity (CVSS 4.4). Public exploit code available.

RCE Ubuntu Linux Opensuse Module
NVD GitHub
CVSS 2.0
4.4
EPSS
0.2%
CVE-2013-1872 MEDIUM This Month

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Intel Denial Of Service RCE Mesa +3
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-4238 MEDIUM PATCH This Month

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
1.4%
CVE-2013-2132 PyPI MEDIUM POC PATCH This Month

bson/_cbsonmodule.c in the mongo-python-driver (aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Python Denial Of Service MongoDB Ubuntu Linux Opensuse
NVD GitHub
CVSS 2.0
4.3
EPSS
2.2%
CVE-2013-2126 HIGH POC PATCH This Week

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Libraw Ubuntu Linux Opensuse
NVD GitHub
CVSS 2.0
7.5
EPSS
3.2%
CVE-2013-4115 HIGH PATCH Act Now

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 75.1%.

Buffer Overflow Denial Of Service Opensuse Squid
NVD
CVSS 2.0
7.5
EPSS
75.1%
CVE-2013-4124 MEDIUM POC PATCH THREAT This Month

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

Denial Of Service Ubuntu Linux Enterprise Linux Fedora Samba +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
83.5%
Threat
5.0
CVE-2013-2174 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE Curl Libcurl +3
NVD GitHub
CVSS 2.0
6.8
EPSS
3.2%
CVE-2013-2112 HIGH This Week

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux Opensuse
NVD
CVSS 2.0
7.8
EPSS
3.7%
CVE-2013-2088 HIGH POC This Week

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Subversion Opensuse
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
6.5%
CVE-2013-1968 MEDIUM This Month

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux Opensuse
NVD
CVSS 2.0
5.5
EPSS
1.2%
CVE-2013-4854 HIGH POC THREAT Act Now

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.

Denial Of Service Bind Suse Linux Enterprise Software Development Kit Suse Linux Dnsco Bind +8
NVD
CVSS 2.0
7.8
EPSS
51.1%
Threat
4.6
CVE-2013-4002 Maven HIGH PATCH This Week

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Java Denial Of Service Apache Oracle IBM +14
NVD
CVSS 2.0
7.1
EPSS
5.6%
CVE-2013-3812 LOW Monitor

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris Opensuse Linux Enterprise Desktop +6
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2013-3809 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Opensuse +5
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-3808 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Opensuse +3
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2013-3805 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Linux Enterprise Desktop +4
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-3804 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Debian Linux Ubuntu Linux +5
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-3802 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Debian Linux +5
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-3801 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Opensuse Linux Enterprise Desktop +3
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-3794 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Opensuse +4
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-3793 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris MySQL Debian Linux +6
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-3783 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Debian Linux +5
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2013-2765 MEDIUM POC PATCH This Month

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Apache Null Pointer Dereference Modsecurity Opensuse
NVD GitHub Exploit-DB
CVSS 2.0
5.0
EPSS
5.4%
CVE-2013-1896 MEDIUM POC THREAT This Month

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

Denial Of Service Apache Http Server Jboss Enterprise Application Platform Enterprise Linux Desktop +7
NVD
CVSS 2.0
4.3
EPSS
38.6%
CVE-2013-1362 HIGH POC THREAT Act Now

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Information Disclosure Opensuse Remote Plug In Executor
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
76.4%
Threat
5.3
CVE-2013-2168 LOW Monitor

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Dbus Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-2064 MEDIUM This Month

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Debian Linux Secure Global Desktop Ubuntu Linux Opensuse +2
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-1987 MEDIUM This Month

Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ubuntu Linux Opensuse Libxrender
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-1862 MEDIUM PATCH This Month

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 39.6%.

Apache Information Disclosure Http Server Jboss Enterprise Application Platform Enterprise Linux Desktop +7
NVD
CVSS 2.0
5.1
EPSS
39.6%
CVE-2013-4082 MEDIUM PATCH This Month

The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Wireshark Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2013-4081 MEDIUM This Month

The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Wireshark Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2013-4079 MEDIUM This Month

The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2013-4078 MEDIUM This Month

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2013-4077 MEDIUM This Month

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2013-4076 MEDIUM This Month

Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-4075 MEDIUM This Month

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2013-4074 MEDIUM POC THREAT This Month

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.5%.

Denial Of Service Wireshark Debian Linux Opensuse
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
32.5%
CVE-2013-3562 MEDIUM POC PATCH This Month

Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
3.4%
CVE-2013-3561 HIGH PATCH This Week

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2013-3560 MEDIUM POC PATCH This Month

The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
3.5%
CVE-2013-3559 MEDIUM POC PATCH This Month

epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
5.0%
CVE-2013-3558 MEDIUM This Month

The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
3.3%
CVE-2013-3557 MEDIUM POC PATCH This Month

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Wireshark Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
4.2%
CVE-2013-3556 MEDIUM This Month

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2013-3555 MEDIUM POC PATCH This Month

epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
3.4%
CVE-2013-3335 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-3334 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-3333 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2013-3332 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2013-3331 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2013-3330 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-3329 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-3328 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-3327 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-3326 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-3325 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-3324 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-2728 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +11
NVD
CVSS 2.0
10.0
EPSS
4.0%
CVE-2013-1846 MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache Subversion Opensuse
NVD
CVSS 2.0
4.0
EPSS
1.9%
CVE-2013-1845 LOW Monitor

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apache Subversion Opensuse
NVD
CVSS 2.0
2.1
EPSS
1.8%
CVE-2013-1927 MEDIUM This Month

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Icedtea Web Ubuntu Linux Opensuse
NVD
CVSS 2.0
6.8
EPSS
2.5%
CVE-2013-1926 MEDIUM This Month

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Icedtea Web Ubuntu Linux Opensuse
NVD
CVSS 2.0
5.8
EPSS
0.9%
CVE-2013-1915 HIGH PATCH This Week

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Modsecurity Opensuse Fedora +1
NVD GitHub
CVSS 2.0
7.5
EPSS
4.8%
CVE-2013-0338 MEDIUM This Month

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Libxml2 Ubuntu Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2013-0233 Ruby MEDIUM POC PATCH THREAT This Month

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.8%.

Authentication Bypass Devise Opensuse
NVD GitHub
CVSS 2.0
6.8
EPSS
68.8%
Threat
4.9
CVE-2013-1416 MEDIUM PATCH This Month

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Opensuse Fedora +5
NVD GitHub
CVSS 2.0
4.0
EPSS
2.3%
CVE-2012-6139 MEDIUM POC PATCH THREAT This Month

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Denial Of Service Libxslt Opensuse
NVD
CVSS 2.0
5.0
EPSS
10.8%
CVE-2013-1379 CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow Adobe Microsoft +6
NVD
CVSS 2.0
10.0
EPSS
5.7%
CVE-2013-0800 MEDIUM PATCH This Month

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Buffer Overflow Mozilla RCE Firefox Seamonkey +8
NVD
CVSS 2.0
6.8
EPSS
2.8%
CVE-2013-1861 MEDIUM POC THREAT This Month

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Buffer Overflow Denial Of Service Oracle MariaDB MySQL +7
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
20.8%
CVE-2013-0913 HIGH PATCH This Week

Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Google Linux Kernel +2
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-2555 CRITICAL Act Now

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Adobe Microsoft Integer Overflow RCE +9
NVD
CVSS 2.0
10.0
EPSS
7.1%
CVE-2013-2488 MEDIUM This Month

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2013-2487 HIGH This Week

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
7.8
EPSS
3.6%
CVE-2013-2486 MEDIUM This Month

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
6.1
EPSS
1.6%
CVE-2013-2485 MEDIUM This Month

The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
6.1
EPSS
0.7%
CVE-2013-2484 LOW Monitor

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Opensuse Wireshark
NVD
CVSS 2.0
3.3
EPSS
1.4%
EPSS 0% CVSS 1.2
LOW PATCH Monitor

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name. Rated low severity (CVSS 1.2).

Information Disclosure Suds Opensuse +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Kde Workspace Kde Sc +1
NVD
EPSS 70% 4.6 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.9%.

Denial Of Service Squid Opensuse
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Debian Linux +2
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Cacti +1
NVD
EPSS 3% CVSS 4.3
MEDIUM POC This Month

The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Strongswan +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Python Glanceclient +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Intel Denial Of Service +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Folsom +3
NVD
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP Authentication Bypass Opensuse +1
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM This Month

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE +4
NVD
EPSS 0% CVSS 1.9
LOW Monitor

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +3
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special. Rated medium severity (CVSS 4.4). Public exploit code available.

RCE Ubuntu Linux Opensuse +1
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent attackers to cause a denial of service (reachable assertion and crash) and possibly execute arbitrary code via vectors involving 3d. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Intel Denial Of Service +5
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Ubuntu Linux +1
NVD
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

bson/_cbsonmodule.c in the mongo-python-driver (aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Python Denial Of Service MongoDB +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Libraw +2
NVD GitHub
EPSS 75% CVSS 7.5
HIGH PATCH Act Now

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 75.1%.

Buffer Overflow Denial Of Service Opensuse +1
NVD
EPSS 84% 5.0 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

Denial Of Service Ubuntu Linux Enterprise Linux +3
NVD Exploit-DB
EPSS 3% CVSS 6.8
MEDIUM POC PATCH This Month

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Denial Of Service RCE +5
NVD GitHub
EPSS 4% CVSS 7.8
HIGH This Week

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux +1
NVD
EPSS 6% CVSS 7.1
HIGH POC This Week

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Subversion Opensuse
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM This Month

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux +1
NVD
EPSS 51% 4.6 CVSS 7.8
HIGH POC THREAT Act Now

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.

Denial Of Service Bind Suse Linux Enterprise Software Development Kit +10
NVD
EPSS 6% CVSS 7.1
HIGH PATCH This Week

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Java Denial Of Service Apache +16
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris +8
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +7
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +5
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +6
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +7
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +7
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +5
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +6
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris +8
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +7
NVD
EPSS 5% CVSS 5.0
MEDIUM POC PATCH This Month

The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Apache Null Pointer Dereference +2
NVD GitHub Exploit-DB
EPSS 39% CVSS 4.3
MEDIUM POC THREAT This Month

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 38.6%.

Denial Of Service Apache Http Server +9
NVD
EPSS 76% 5.3 CVSS 7.5
HIGH POC THREAT Act Now

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Information Disclosure Opensuse Remote Plug In Executor
NVD Exploit-DB
EPSS 0% CVSS 1.9
LOW Monitor

The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of. Rated low severity (CVSS 1.9). No vendor patch available.

Denial Of Service Dbus Opensuse
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Debian Linux Secure Global Desktop +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRenderQueryFilters,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Ubuntu Linux Opensuse +1
NVD
EPSS 40% CVSS 5.1
MEDIUM PATCH This Month

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 39.6%.

Apache Information Disclosure Http Server +9
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.8 does not validate the relationship between a record length and a trailer length, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Wireshark +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The http_payload_subdissector function in epan/dissectors/packet-http.c in the HTTP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 does not properly determine when to use a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Wireshark +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The dissect_schedule_message function in epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (infinite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Opensuse +1
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x before 1.8.8 does not validate return values during checks for data availability, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Array index error in the NBAP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to nbap.cnf and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Debian Linux +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Buffer overflow in the dissect_iphc_crtp_fh function in epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Debian Linux +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in Wireshark 1.8.x before 1.8.8 does not properly initialize memory, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 32% CVSS 5.0
MEDIUM POC THREAT This Month

The dissect_capwap_data function in epan/dissectors/packet-capwap.c in the CAPWAP dissector in Wireshark 1.6.x before 1.6.16 and 1.8.x before 1.8.8 incorrectly uses a -1 data value to represent an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 32.5%.

Denial Of Service Wireshark Debian Linux +1
NVD Exploit-DB
EPSS 3% CVSS 5.0
MEDIUM POC PATCH This Month

Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Opensuse +1
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (loop or application crash) via a malformed packet, related to a crash of the Websocket. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Opensuse +1
NVD
EPSS 3% CVSS 5.0
MEDIUM POC PATCH This Month

The dissect_dsmcc_un_download function in epan/dissectors/packet-mpeg-dsmcc.c in the MPEG DSM-CC dissector in Wireshark 1.8.x before 1.8.7 uses an incorrect format string, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Opensuse +1
NVD
EPSS 5% CVSS 5.0
MEDIUM POC PATCH This Month

epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Debian Linux +2
NVD
EPSS 3% CVSS 5.0
MEDIUM This Month

The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c in the PPP CCP dissector in Wireshark 1.8.x before 1.8.7 does not terminate a bit-field list, which allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 4% CVSS 5.0
MEDIUM POC PATCH This Month

The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Wireshark +2
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 3% CVSS 5.0
MEDIUM POC PATCH This Month

epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark 1.8.x before 1.8.7 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Debian Linux Opensuse +1
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +13
NVD
EPSS 2% CVSS 4.0
MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache +2
NVD
EPSS 2% CVSS 2.1
LOW Monitor

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apache +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Icedtea Web +2
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Icedtea Web Ubuntu Linux +1
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Modsecurity +3
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Libxml2 +2
NVD
EPSS 69% 4.9 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 68.8%.

Authentication Bypass Devise Opensuse
NVD GitHub
EPSS 2% CVSS 4.0
MEDIUM PATCH This Month

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 +7
NVD GitHub
EPSS 11% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Denial Of Service Libxslt Opensuse
NVD
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Denial Of Service Buffer Overflow +8
NVD
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Buffer Overflow Mozilla RCE +10
NVD
EPSS 21% CVSS 5.0
MEDIUM POC THREAT This Month

MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Buffer Overflow Denial Of Service Oracle +9
NVD Exploit-DB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux +4
NVD
EPSS 7% CVSS 10.0
CRITICAL Act Now

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Adobe Microsoft +11
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 4% CVSS 7.8
HIGH This Week

epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Opensuse +1
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Opensuse +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Opensuse +1
NVD
EPSS 1% CVSS 3.3
LOW Monitor

The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Opensuse +1
NVD
Prev Page 11 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy