Skip to main content

Opensuse

1196 CVEs product

Monthly

CVE-2015-1280 HIGH This Week

SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
2.2%
CVE-2015-1279 HIGH This Week

Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-1278 MEDIUM This Month

content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Debian Linux Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2015-1277 HIGH This Week

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2015-1276 CRITICAL Act Now

Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux Enterprise Linux Desktop Supplementary +4
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2015-1275 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Java Opensuse Chrome
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-1274 MEDIUM This Month

Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Google Debian Linux Opensuse Enterprise Linux Desktop Supplementary +3
NVD
CVSS 2.0
6.8
EPSS
2.3%
CVE-2015-1273 MEDIUM This Month

Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Opensuse Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2015-1272 HIGH This Week

Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +4
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-1271 MEDIUM This Month

PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Opensuse Chrome +5
NVD
CVSS 2.0
6.8
EPSS
2.9%
CVE-2015-1270 MEDIUM This Month

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x-. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2015-4757 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux MySQL Debian Linux +8
NVD
CVSS 2.0
3.5
EPSS
4.3%
CVE-2015-4752 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Solaris Debian Linux +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-2648 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Solaris Ubuntu Linux +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-2643 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +9
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2015-3281 MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy Ubuntu Linux Openstack Cloud +8
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-4588 MEDIUM POC This Month

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Opensuse Libwmf +1
NVD
CVSS 2.0
6.8
EPSS
5.7%
CVE-2015-3164 LOW Monitor

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Opensuse X Server Xorg Server
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2015-2141 MEDIUM This Month

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Crypto Library Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-0848 MEDIUM This Month

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Libwmf Fedora +1
NVD
CVSS 2.0
6.8
EPSS
4.7%
CVE-2015-4146 MEDIUM This Month

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wpa Supplicant Hostapd Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2015-4145 MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hostapd Opensuse Wpa Supplicant
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-4144 MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Opensuse Hostapd Wpa Supplicant
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-4143 MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant Hostapd Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2015-4142 MEDIUM This Month

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 2.0
4.3
EPSS
7.1%
CVE-2015-4141 MEDIUM This Month

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant Hostapd Opensuse
NVD
CVSS 2.0
4.3
EPSS
1.5%
CVE-2015-4002 CRITICAL PATCH Act Now

drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Linux Buffer Overflow Linux Kernel +2
NVD GitHub
CVSS 2.0
9.0
EPSS
3.7%
CVE-2015-4156 LOW Monitor

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Opensuse Parallel
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2015-3629 Go HIGH PATCH This Week

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Libcontainer Opensuse
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2015-2718 MEDIUM This Month

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-2717 MEDIUM This Month

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +1
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-2716 HIGH This Week

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
7.5
EPSS
5.6%
CVE-2015-2715 MEDIUM This Month

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Denial Of Service Mozilla Buffer Overflow RCE +2
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-2713 MEDIUM This Month

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2015-2712 HIGH This Week

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Firefox Opensuse
NVD
CVSS 2.0
7.5
EPSS
3.9%
CVE-2015-2711 MEDIUM This Month

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-2710 MEDIUM This Month

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Thunderbird Firefox +5
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2015-2709 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +4
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-2708 HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Suse Linux Enterprise Software Development Kit +6
NVD
CVSS 2.0
7.5
EPSS
1.3%
CVE-2015-3622 MEDIUM POC This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse Fedora Libtasn1
NVD
CVSS 2.0
4.3
EPSS
6.1%
CVE-2015-3451 MEDIUM This Month

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Xml Libxml Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 2.0
5.0
EPSS
5.0%
CVE-2014-3598 PyPI MEDIUM PATCH This Month

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Opensuse Pillow
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-3026 MEDIUM POC THREAT This Month

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service Icecast Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
15.3%
CVE-2015-3340 LOW PATCH Monitor

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2). Rated low severity (CVSS 2.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Server +5
NVD
CVSS 2.0
2.9
EPSS
0.6%
CVE-2015-1863 MEDIUM This Month

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Ubuntu Linux Wpa Supplicant +8
NVD
CVSS 2.0
5.8
EPSS
8.5%
CVE-2015-3148 MEDIUM This Month

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Ubuntu Linux Debian Linux Mac Os X +4
NVD
CVSS 2.0
5.0
EPSS
1.7%
CVE-2015-3145 HIGH Act Now

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.7% and no vendor patch available.

Denial Of Service Buffer Overflow Fedora Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
7.5
EPSS
63.7%
CVE-2015-3336 MEDIUM POC This Month

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Google Chrome Debian Linux +1
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-3335 HIGH POC This Week

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Chrome Opensuse
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2015-3334 MEDIUM POC This Month

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Debian Linux Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-1241 MEDIUM POC This Month

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Google Chrome Debian Linux Ubuntu Linux +8
NVD
CVSS 2.0
4.3
EPSS
2.8%
CVE-2015-0492 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle Opensuse Linux Enterprise Server +3
NVD
CVSS 2.0
9.3
EPSS
2.0%
CVE-2015-0491 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +3
NVD
CVSS 2.0
10.0
EPSS
7.9%
CVE-2015-0486 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0484 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +3
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2015-0459 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.0% and no vendor patch available.

Information Disclosure Java Oracle Jdk Jre +3
NVD
CVSS 2.0
10.0
EPSS
10.0%
CVE-2015-0458 HIGH This Week

Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +2
NVD
CVSS 2.0
7.6
EPSS
7.5%
CVE-2015-3044 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +7
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2015-3042 CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.9%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
51.9%
Threat
5.1
CVE-2015-3041 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-3040 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-3039 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
8.7%
CVE-2015-3038 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2015-0360 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0358 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Opensuse Suse Linux Enterprise Desktop +6
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-0355 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0354 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0353 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0352 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0351 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Flash Player Opensuse +6
NVD
CVSS 2.0
10.0
EPSS
8.7%
CVE-2015-0350 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0349 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.0%.

Adobe RCE Microsoft Flash Player Enterprise Linux Desktop Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
11.0%
CVE-2015-0348 CRITICAL PATCH Act Now

Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Buffer Overflow RCE Microsoft Enterprise Linux Desktop Supplementary +7
NVD
CVSS 2.0
10.0
EPSS
5.6%
CVE-2015-0347 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +8
NVD
CVSS 2.0
10.0
EPSS
3.7%
CVE-2015-0346 CRITICAL PATCH Act Now

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +6
NVD
CVSS 2.0
10.0
EPSS
7.0%
CVE-2014-9488 CRITICAL Act Now

The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Opensuse Less
NVD
CVSS 2.0
10.0
EPSS
2.3%
CVE-2015-0251 MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 2.0
4.0
EPSS
1.1%
CVE-2015-0248 MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse Xcode Enterprise Linux Desktop +5
NVD
CVSS 2.0
5.0
EPSS
15.8%
CVE-2015-0202 HIGH This Week

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Opensuse
NVD
CVSS 2.0
7.8
EPSS
2.1%
CVE-2015-0799 MEDIUM This Month

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Ubuntu Linux Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-0812 MEDIUM This Month

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox Opensuse Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-0811 MEDIUM This Month

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Firefox Opensuse +1
NVD
CVSS 2.0
6.4
EPSS
0.8%
CVE-2015-0808 MEDIUM This Month

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Opensuse Ubuntu Linux +1
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-0806 HIGH This Week

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Ubuntu Linux +2
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-0805 HIGH This Week

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Opensuse +2
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-0804 HIGH This Week

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Privilege Escalation RCE Firefox +2
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-0803 HIGH This Week

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Privilege Escalation RCE Ubuntu Linux +2
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-0802 MEDIUM POC THREAT This Month

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.

Mozilla Privilege Escalation Google Opensuse Ubuntu Linux +2
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
80.4%
Threat
4.9
CVE-2014-9462 PyPI HIGH POC PATCH This Week

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Opensuse Mercurial
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2015-2787 HIGH POC THREAT Act Now

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.4%.

Deserialization RCE PHP Mac Os X Enterprise Linux Desktop +6
NVD GitHub
CVSS 2.0
7.5
EPSS
36.4%
Threat
4.1
EPSS 2% CVSS 7.5
HIGH This Week

SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Debian Linux +6
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +6
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +6
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Google Java +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Google Debian Linux +5
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux +6
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x-. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome +7
NVD
EPSS 4% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +10
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +11
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +11
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +11
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy +10
NVD
EPSS 6% CVSS 6.8
MEDIUM POC This Month

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 0% CVSS 3.6
LOW Monitor

The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Opensuse X Server +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Crypto Library Opensuse
NVD GitHub
EPSS 5% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not clear the L (Length) and M (More) flags before determining if a response should be fragmented, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wpa Supplicant Hostapd +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hostapd Opensuse +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Opensuse +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant +2
NVD
EPSS 7% CVSS 4.3
MEDIUM This Month

Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Wpa Supplicant +2
NVD
EPSS 4% CVSS 9.0
CRITICAL PATCH Act Now

drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Linux +4
NVD GitHub
EPSS 0% CVSS 3.6
LOW Monitor

GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Opensuse Parallel
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Docker Information Disclosure Libcontainer +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse +1
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +3
NVD
EPSS 6% CVSS 7.5
HIGH This Week

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE +8
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Denial Of Service Mozilla +4
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +8
NVD
EPSS 4% CVSS 7.5
HIGH This Week

The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Opensuse +1
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE +7
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +8
NVD
EPSS 6% CVSS 4.3
MEDIUM POC This Month

The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse +2
NVD
EPSS 5% CVSS 5.0
MEDIUM This Month

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Xml Libxml Ubuntu Linux +3
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Opensuse Pillow
NVD
EPSS 15% CVSS 5.0
MEDIUM POC THREAT This Month

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.3%.

Denial Of Service Icecast Debian Linux +1
NVD
EPSS 1% CVSS 2.9
LOW PATCH Monitor

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2). Rated low severity (CVSS 2.9). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xen Suse Linux Enterprise Software Development Kit +7
NVD
EPSS 9% CVSS 5.8
MEDIUM This Month

Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +10
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fedora Ubuntu Linux +6
NVD
EPSS 64% CVSS 7.5
HIGH Act Now

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 63.7% and no vendor patch available.

Denial Of Service Buffer Overflow Fedora +8
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Google +3
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Chrome +1
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 3% CVSS 4.3
MEDIUM POC This Month

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Google Chrome +10
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle +5
NVD
EPSS 8% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle +5
NVD
EPSS 10% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.0% and no vendor patch available.

Information Disclosure Java Oracle +5
NVD
EPSS 7% CVSS 7.6
HIGH This Week

Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Oracle +4
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft +9
NVD
EPSS 52% 5.1 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.9%.

RCE Denial Of Service Buffer Overflow +10
NVD Exploit-DB
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft +8
NVD
EPSS 9% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft +8
NVD
EPSS 9% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft +8
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 9% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft +8
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 11% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.0%.

Adobe RCE Microsoft +8
NVD
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Buffer Overflow RCE +9
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +10
NVD
EPSS 7% CVSS 10.0
CRITICAL PATCH Act Now

Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft +8
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Opensuse Less
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse +7
NVD
EPSS 16% CVSS 5.0
MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse +7
NVD
EPSS 2% CVSS 7.8
HIGH This Week

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Opensuse
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Ubuntu Linux +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox +2
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla RCE +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Privilege Escalation +4
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Privilege Escalation +4
NVD
EPSS 80% 4.9 CVSS 5.0
MEDIUM POC THREAT This Month

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 80.4%.

Mozilla Privilege Escalation Google +4
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Opensuse Mercurial
NVD
EPSS 36% 4.1 CVSS 7.5
HIGH POC THREAT Act Now

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 36.4%.

Deserialization RCE PHP +8
NVD GitHub
Prev Page 6 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy