Skip to main content

Opensuse

1196 CVEs product

Monthly

CVE-2015-2348 MEDIUM POC This Month

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +5
NVD
CVSS 2.0
5.0
EPSS
7.2%
CVE-2015-2331 HIGH POC THREAT Act Now

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.7%.

Denial Of Service RCE PHP Buffer Overflow Libzip +3
NVD
CVSS 2.0
7.5
EPSS
42.7%
Threat
4.3
CVE-2015-2305 MEDIUM POC THREAT This Month

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.9%.

Integer Overflow RCE Buffer Overflow Rxspencer Ubuntu Linux +3
NVD
CVSS 2.0
6.8
EPSS
32.9%
CVE-2015-2301 HIGH POC THREAT Act Now

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Memory Corruption PHP Denial Of Service Use After Free Ubuntu Linux +9
NVD
CVSS 2.0
7.5
EPSS
11.2%
CVE-2014-9709 MEDIUM POC THREAT This Month

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

Denial Of Service PHP Buffer Overflow Opensuse Libgd +2
NVD
CVSS 2.0
5.0
EPSS
16.5%
CVE-2015-2157 LOW PATCH Monitor

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Fedora Opensuse Putty
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3619 MEDIUM This Month

The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Glusterfs
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2015-2317 PyPI MEDIUM PATCH This Month

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Debian Linux Fedora Opensuse +3
NVD
CVSS 2.0
4.3
EPSS
4.3%
CVE-2015-2316 PyPI MEDIUM PATCH This Month

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Solaris Django Ubuntu Linux +2
NVD
CVSS 2.0
5.0
EPSS
2.0%
CVE-2015-0295 MEDIUM This Month

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fedora Opensuse Qt
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2015-2155 HIGH PATCH This Week

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Debian Linux Fedora Opensuse +2
NVD
CVSS 2.0
7.5
EPSS
4.5%
CVE-2014-8169 MEDIUM This Month

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation +2
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-0778 HIGH This Week

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fedora Opensuse Osc Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2015-2304 MEDIUM POC This Month

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Libarchive Ubuntu Linux Opensuse
NVD GitHub
CVSS 2.0
6.4
EPSS
3.5%
CVE-2015-2192 MEDIUM This Month

Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-2191 MEDIUM This Month

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Mageia Wireshark Opensuse
NVD
CVSS 2.0
5.0
EPSS
3.6%
CVE-2015-2190 MEDIUM This Month

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark Solaris
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-2189 MEDIUM This Month

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Linux Solaris +3
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2188 MEDIUM This Month

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Mageia Opensuse +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-2187 MEDIUM This Month

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0228 MEDIUM This Month

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.7% and no vendor patch available.

Denial Of Service Apache Http Server Ubuntu Linux Mac Os X +3
NVD GitHub
CVSS 2.0
5.0
EPSS
18.7%
CVE-2014-8160 MEDIUM PATCH This Month

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Linux Authentication Bypass Linux Kernel Opensuse Linux Enterprise Desktop +12
NVD GitHub
CVSS 2.0
5.0
EPSS
2.9%
CVE-2015-0834 MEDIUM This Month

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2015-0833 MEDIUM This Month

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Information Disclosure Microsoft Evergreen Opensuse +3
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0832 MEDIUM This Month

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Opensuse Ubuntu Linux Firefox
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2015-0830 MEDIUM This Month

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Ubuntu Linux Firefox Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-0829 MEDIUM This Month

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Ubuntu Linux Opensuse +2
NVD
CVSS 2.0
6.8
EPSS
2.2%
CVE-2015-0828 MEDIUM This Month

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Solaris +2
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2015-0826 MEDIUM This Month

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +2
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2015-0825 MEDIUM This Month

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow Ubuntu Linux Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2015-0824 MEDIUM This Month

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Opensuse Ubuntu Linux +1
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2015-0823 HIGH PATCH This Week

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Mozilla Information Disclosure Ubuntu Linux Opentype Sanitiser Firefox +1
NVD GitHub
CVSS 2.0
7.5
EPSS
1.7%
CVE-2015-0821 MEDIUM This Month

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Google Firefox Opensuse +2
NVD
CVSS 2.0
6.8
EPSS
1.3%
CVE-2015-0820 LOW Monitor

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse Firefox Ubuntu Linux
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2015-0819 MEDIUM This Month

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Opensuse Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-9402 HIGH POC This Week

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Glibc Ubuntu Linux Opensuse
NVD
CVSS 2.0
7.8
EPSS
8.7%
CVE-2013-7423 MEDIUM This Month

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Server Aus Ubuntu Linux Opensuse Glibc
NVD GitHub
CVSS 2.0
5.0
EPSS
4.7%
CVE-2015-0255 MEDIUM PATCH This Month

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure X Server Opensuse
NVD
CVSS 2.0
6.4
EPSS
6.4%
CVE-2015-0245 LOW Monitor

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Denial Of Service Dbus Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2013-2027 Maven MEDIUM PATCH This Month

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Opensuse Jython
NVD
CVSS 2.0
4.6
EPSS
0.0%
CVE-2015-1546 MEDIUM This Month

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.4% and no vendor patch available.

Denial Of Service Openldap Opensuse Mac Os X
NVD
CVSS 2.0
5.0
EPSS
10.4%
CVE-2015-1345 LOW POC Monitor

The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Grep Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-9512 MEDIUM POC This Month

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Opensuse Solaris
NVD
CVSS 2.0
6.4
EPSS
8.9%
CVE-2014-9675 MEDIUM POC This Month

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Freetype Debian Linux Fedora +7
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-9674 HIGH POC PATCH This Week

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Ubuntu Linux Solaris Fedora +8
NVD
CVSS 2.0
7.5
EPSS
5.1%
CVE-2014-9673 MEDIUM POC This Month

Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux Debian Linux Enterprise Linux Desktop +7
NVD
CVSS 2.0
6.8
EPSS
4.2%
CVE-2014-9672 MEDIUM POC PATCH This Month

Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Solaris Debian Linux Ubuntu Linux +2
NVD
CVSS 2.0
5.8
EPSS
4.7%
CVE-2014-9671 MEDIUM POC PATCH This Month

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus Enterprise Linux Server +7
NVD
CVSS 2.0
4.3
EPSS
3.2%
CVE-2014-9670 MEDIUM POC PATCH This Month

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Debian Linux Opensuse Fedora Solaris +8
NVD
CVSS 2.0
4.3
EPSS
5.0%
CVE-2014-9669 MEDIUM POC PATCH This Month

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Ubuntu Linux Freetype +10
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2014-9668 HIGH POC This Week

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse Fedora Ubuntu Linux +1
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-9667 MEDIUM POC This Month

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Debian Linux Ubuntu Linux Fedora +8
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-9666 MEDIUM POC PATCH This Month

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Opensuse Solaris Ubuntu Linux +9
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2014-9665 HIGH POC This Week

The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Fedora Ubuntu Linux Freetype +1
NVD
CVSS 2.0
7.5
EPSS
4.3%
CVE-2014-9664 MEDIUM POC PATCH This Month

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +9
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2014-9663 HIGH POC PATCH This Week

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freetype Debian Linux Opensuse +9
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-9662 HIGH POC This Week

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse Debian Linux Ubuntu Linux +2
NVD
CVSS 2.0
7.5
EPSS
5.4%
CVE-2014-9661 HIGH POC This Week

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux Enterprise Linux Desktop Enterprise Linux Hpc Node +7
NVD
CVSS 2.0
7.5
EPSS
3.6%
CVE-2014-9660 HIGH POC PATCH This Week

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Opensuse Ubuntu Linux Debian Linux +9
NVD
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-9659 HIGH POC PATCH This Week

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Solaris Freetype +3
NVD
CVSS 2.0
7.5
EPSS
2.9%
CVE-2014-9658 HIGH POC PATCH This Week

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Solaris Ubuntu Linux +10
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-9657 HIGH POC PATCH This Week

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Opensuse Enterprise Linux Desktop +10
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-9656 HIGH POC This Week

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Fedora Freetype Debian Linux +2
NVD
CVSS 2.0
7.5
EPSS
2.5%
CVE-2015-1212 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Chrome Ubuntu Linux +6
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-1211 HIGH This Week

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft Chrome Ubuntu Linux +6
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2015-1210 MEDIUM This Month

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Chrome Ubuntu Linux +6
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-1209 HIGH This Week

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Google Microsoft +8
NVD
CVSS 2.0
7.5
EPSS
1.4%
CVE-2015-1382 MEDIUM This Month

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Privoxy Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-1381 MEDIUM This Month

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Debian Linux Privoxy
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2015-1380 MEDIUM This Month

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privoxy Solaris Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-1419 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.1%.

Authentication Bypass Opensuse Vsftpd
NVD
CVSS 2.0
5.0
EPSS
76.1%
Threat
4.8
CVE-2015-1182 HIGH This Week

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Opensuse Polarssl
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-8154 HIGH PATCH This Week

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Vala Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2014-8158 MEDIUM This Month

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow Jasper Debian Linux +2
NVD
CVSS 2.0
6.8
EPSS
6.2%
CVE-2014-8157 HIGH This Week

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Opensuse Debian Linux +2
NVD
CVSS 2.0
7.5
EPSS
5.8%
CVE-2014-8148 HIGH This Week

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Opensuse Midgard2
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-9640 MEDIUM This Month

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Vorbis Tools Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-9639 MEDIUM POC This Month

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vorbis Tools Fedora Opensuse
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-9638 MEDIUM POC This Month

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fedora Opensuse Vorbis Tools
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2014-7943 MEDIUM This Month

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Ubuntu Linux Opensuse +6
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2014-7942 HIGH This Week

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chromium Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
2.7%
CVE-2014-7941 MEDIUM This Month

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Chromium Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2014-7939 MEDIUM This Month

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Chrome Chromium Enterprise Linux Desktop Supplementary +4
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-7926 HIGH This Week

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +7
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-7923 HIGH This Week

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary +7
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2015-0427 LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Vm Virtualbox Opensuse
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2015-0418 LOW PATCH Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux Opensuse Vm Virtualbox
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-0412 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
7.2
EPSS
1.7%
CVE-2015-1196 MEDIUM POC PATCH This Month

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Opensuse Solaris Patch
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-0410 MEDIUM PATCH This Month

Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +7
NVD
CVSS 2.0
5.0
EPSS
6.4%
EPSS 7% CVSS 5.0
MEDIUM POC This Month

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Enterprise Linux Desktop +7
NVD
EPSS 43% 4.3 CVSS 7.5
HIGH POC THREAT Act Now

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.7%.

Denial Of Service RCE PHP +5
NVD
EPSS 33% CVSS 6.8
MEDIUM POC THREAT This Month

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.9%.

Integer Overflow RCE Buffer Overflow +5
NVD
EPSS 11% CVSS 7.5
HIGH POC THREAT Act Now

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

Memory Corruption PHP Denial Of Service +11
NVD
EPSS 17% CVSS 5.0
MEDIUM POC THREAT This Month

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

Denial Of Service PHP Buffer Overflow +4
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Fedora +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Glusterfs
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Debian Linux +5
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Solaris +4
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fedora Opensuse +1
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Debian Linux +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped. Rated medium severity (CVSS 4.4). No vendor patch available.

Privilege Escalation Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fedora Opensuse Osc +1
NVD
EPSS 4% CVSS 6.4
MEDIUM POC This Month

Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Libarchive Ubuntu Linux +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Mageia +2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Opensuse +1
NVD
EPSS 19% CVSS 5.0
MEDIUM This Month

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.7% and no vendor patch available.

Denial Of Service Apache Http Server +5
NVD GitHub
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Linux Authentication Bypass Linux Kernel +14
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Ubuntu Linux +2
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not. Rated medium severity (CVSS 6.9). No vendor patch available.

Mozilla Information Disclosure Microsoft +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Opensuse +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Ubuntu Linux +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow Ubuntu Linux +2
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Mozilla Information Disclosure Ubuntu Linux +3
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Google +4
NVD
EPSS 0% CVSS 2.6
LOW Monitor

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox +2
NVD
EPSS 9% CVSS 7.8
HIGH POC This Week

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Glibc Ubuntu Linux +1
NVD
EPSS 5% CVSS 5.0
MEDIUM This Month

The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Server Aus Ubuntu Linux +2
NVD GitHub
EPSS 6% CVSS 6.4
MEDIUM PATCH This Month

X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure X Server +1
NVD
EPSS 0% CVSS 1.9
LOW Monitor

D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service. Rated low severity (CVSS 1.9). No vendor patch available.

Race Condition Denial Of Service Dbus +1
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Privilege Escalation Opensuse Jython
NVD
EPSS 10% CVSS 5.0
MEDIUM This Month

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.4% and no vendor patch available.

Denial Of Service Openldap Opensuse +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Grep +1
NVD
EPSS 9% CVSS 6.4
MEDIUM POC This Month

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Opensuse +1
NVD
EPSS 2% CVSS 5.0
MEDIUM POC This Month

bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ubuntu Linux Freetype +9
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Ubuntu Linux +10
NVD
EPSS 4% CVSS 6.8
MEDIUM POC This Month

Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Ubuntu Linux +9
NVD
EPSS 5% CVSS 5.8
MEDIUM POC PATCH This Month

Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Solaris +4
NVD
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node +9
NVD
EPSS 5% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Debian Linux Opensuse +10
NVD
EPSS 2% CVSS 6.8
MEDIUM POC PATCH This Month

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse +3
NVD
EPSS 2% CVSS 6.8
MEDIUM POC This Month

sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Debian Linux +10
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Opensuse +11
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Fedora +3
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Enterprise Linux Desktop +11
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freetype +11
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Opensuse +4
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Linux Debian Linux +9
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Opensuse +11
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow +5
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Fedora +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Microsoft +8
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft +8
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +10
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Privoxy +1
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Debian Linux +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privoxy Solaris +1
NVD
EPSS 76% 4.8 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.1%.

Authentication Bypass Opensuse Vsftpd
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Denial Of Service Opensuse +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 6% CVSS 6.8
MEDIUM This Month

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service RCE Buffer Overflow +4
NVD
EPSS 6% CVSS 7.5
HIGH This Week

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +4
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Opensuse +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Vorbis Tools +1
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vorbis Tools Fedora +1
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fedora Opensuse +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +8
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chromium +7
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +7
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Chrome +6
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +9
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Buffer Overflow +9
NVD
EPSS 0% CVSS 3.2
LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Vm Virtualbox +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Debian Linux +2
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Java Oracle +8
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Opensuse Solaris +1
NVD
EPSS 6% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +9
NVD
Prev Page 7 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy