Skip to main content

Opensuse

1196 CVEs product

Monthly

CVE-2015-0408 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +6
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2015-0400 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Ubuntu Linux Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-0395 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.3%.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +5
NVD
CVSS 2.0
9.3
EPSS
19.3%
CVE-2015-0383 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via. Rated medium severity (CVSS 5.4).

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +8
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2015-0377 MEDIUM This Month

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Oracle Vm Virtualbox Debian Linux Opensuse
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-6601 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
10.0
EPSS
15.9%
CVE-2014-6595 LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Opensuse Vm Virtualbox
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2014-6590 LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Opensuse Vm Virtualbox
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2014-6589 LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Opensuse Vm Virtualbox
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2014-6588 LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Opensuse Vm Virtualbox
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2014-9601 PyPI MEDIUM PATCH This Month

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pillow Solaris Fedora Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-9496 LOW POC PATCH Monitor

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile Opensuse Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-0552 MEDIUM POC This Month

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gcab Opensuse
NVD
CVSS 2.0
6.4
EPSS
0.7%
CVE-2014-8643 HIGH This Week

Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Microsoft Opensuse Firefox
NVD
CVSS 2.0
7.1
EPSS
1.3%
CVE-2014-8642 MEDIUM This Month

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Seamonkey Opensuse Firefox
NVD
CVSS 2.0
4.3
EPSS
0.7%
CVE-2014-8640 MEDIUM This Month

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Mozilla Denial Of Service Firefox Opensuse +1
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-0564 MEDIUM This Month

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Linux Solaris +2
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-0563 MEDIUM This Month

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2015-0561 MEDIUM This Month

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse Solaris
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0560 MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2015-0559 MEDIUM This Month

Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2014-9585 LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +16
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-9584 LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Enterprise Linux Aus Enterprise Linux Desktop +15
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-9529 MEDIUM PATCH This Month

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly. Rated medium severity (CVSS 6.9).

Denial Of Service Race Condition Linux Buffer Overflow Linux Kernel +10
NVD GitHub
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0361 HIGH PATCH This Week

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-9221 MEDIUM This Month

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Strongswan Opensuse Ubuntu Linux +2
NVD
CVSS 2.0
5.0
EPSS
6.9%
CVE-2014-8132 MEDIUM PATCH This Month

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libssh Debian Linux Opensuse Fedora +1
NVD
CVSS 2.0
5.0
EPSS
3.3%
CVE-2014-8136 LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia Libvirt Ubuntu Linux +5
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-5353 LOW PATCH Monitor

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Enterprise Linux Desktop Enterprise Linux Eus +9
NVD GitHub
CVSS 2.0
3.5
EPSS
0.7%
CVE-2014-8964 MEDIUM This Month

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Pcre MariaDB Fedora +8
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-8134 LOW POC PATCH Monitor

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Authentication Bypass Linux Kernel Ubuntu Linux Evergreen +2
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2014-8124 MEDIUM PATCH This Month

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Horizon Fedora Opensuse Solaris
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-9066 MEDIUM PATCH This Month

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog. Rated medium severity (CVSS 4.7).

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-9065 MEDIUM PATCH This Month

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and. Rated medium severity (CVSS 4.4).

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-9273 MEDIUM POC PATCH This Month

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Buffer Overflow Opensuse Enterprise Linux Desktop Enterprise Linux Hpc Node +3
NVD GitHub
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-8600 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kwebkitpart Kde Runtime Kio Extras Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8104 MEDIUM This Month

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mageia Debian Linux Opensuse Openvpn +2
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-9220 HIGH PATCH This Week

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Fedora Openvas Manager Opensuse
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-8867 MEDIUM PATCH This Month

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop Xen Debian Linux +1
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-8866 MEDIUM PATCH This Month

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via. Rated medium severity (CVSS 4.7).

Denial Of Service Debian Linux Xen Opensuse
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-8961 MEDIUM PATCH This Month

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Phpmyadmin Opensuse
NVD GitHub
CVSS 2.0
4.0
EPSS
1.4%
CVE-2014-8959 MEDIUM POC PATCH This Month

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
6.5
EPSS
2.8%
CVE-2014-9030 HIGH PATCH This Week

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Xen Debian Linux Opensuse
NVD
CVSS 2.0
7.1
EPSS
1.6%
CVE-2014-7817 MEDIUM This Month

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux Glibc Opensuse
NVD
CVSS 2.0
4.6
EPSS
0.2%
CVE-2014-8768 MEDIUM POC THREAT This Month

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

Integer Overflow Denial Of Service Opensuse Ubuntu Linux Solaris +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
28.3%
CVE-2014-8595 LOW PATCH Monitor

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a. Rated low severity (CVSS 1.9).

Denial Of Service Debian Linux Xen Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-8594 MEDIUM PATCH This Month

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Denial Of Service Opensuse Debian Linux Xen
NVD
CVSS 2.0
5.4
EPSS
1.3%
CVE-2014-7829 Ruby MEDIUM POC PATCH This Month

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Opensuse Rails Ruby On Rails
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0250 HIGH This Week

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freerdp Opensuse
NVD GitHub
CVSS 2.0
7.5
EPSS
3.1%
CVE-2014-3707 MEDIUM This Month

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Buffer Overflow Ubuntu Linux Mac Os X Opensuse +3
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-8564 MEDIUM PATCH This Month

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Enterprise Linux Desktop Enterprise Linux Hpc Node +4
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-8559 MEDIUM POC PATCH This Month

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Suse Linux Enterprise Desktop +6
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-7818 Ruby MEDIUM PATCH This Month

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rails Ruby On Rails Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-6300 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS CSRF Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3693 HIGH PATCH This Week

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 2.0
7.5
EPSS
4.3%
CVE-2014-8483 MEDIUM PATCH This Month

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 2.0
5.0
EPSS
3.2%
CVE-2014-8326 PHP LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin Opensuse
NVD GitHub
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-4540 HIGH PATCH This Week

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu Opensuse
NVD
CVSS 2.0
7.5
EPSS
3.8%
CVE-2014-8080 MEDIUM POC This Month

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensuse Ubuntu Linux Ruby Enterprise Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
9.8%
CVE-2014-3615 LOW PATCH Monitor

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu Debian Linux Enterprise Linux Desktop Enterprise Linux Eus +8
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3475 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-3474 PyPI LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Horizon Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-3473 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0334 Ruby MEDIUM PATCH This Month

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bundler Opensuse Fedora
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3694 MEDIUM PATCH This Month

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure OpenSSL Opensuse Ubuntu Linux Debian Linux +1
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2014-3636 LOW PATCH Monitor

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of. Rated low severity (CVSS 1.9).

Denial Of Service D Bus Dbus Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-5026 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Debian Linux Cacti Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2014-5025 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Debian Linux Opensuse Cacti
NVD
CVSS 2.0
3.5
EPSS
0.5%
CVE-2014-2576 MEDIUM This Month

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Claws Mail Opensuse
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-1830 PyPI MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Opensuse Requests
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-0569 CRITICAL POC PATCH THREAT Act Now

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 89.0%.

Integer Overflow Adobe RCE Microsoft Flash Player +6
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
89.0%
Threat
6.0
CVE-2014-0564 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +7
NVD
CVSS 2.0
10.0
EPSS
6.1%
CVE-2014-4043 HIGH POC This Week

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Glibc Opensuse
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2014-7155 MEDIUM PATCH This Month

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Debian Linux Fedora +1
NVD
CVSS 2.0
5.8
EPSS
1.0%
CVE-2014-7154 MEDIUM PATCH This Month

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Denial Of Service Fedora Debian Linux Xen +1
NVD
CVSS 2.0
6.1
EPSS
0.7%
CVE-2014-5459 LOW POC Monitor

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/,. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Solaris Evergreen Opensuse
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-3639 LOW PATCH Monitor

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Opensuse D Bus Dbus
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3638 LOW PATCH Monitor

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service D Bus Dbus Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3637 LOW PATCH Monitor

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3635 MEDIUM PATCH This Month

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to. Rated medium severity (CVSS 4.4). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow D Bus Dbus +1
NVD
CVSS 2.0
4.4
EPSS
0.2%
CVE-2014-3985 MEDIUM POC PATCH This Month

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Miniupnp Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.9%
CVE-2014-0553 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Google RCE Microsoft Adobe Air Sdk +4
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2014-5461 MEDIUM POC PATCH THREAT This Month

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Denial Of Service Buffer Overflow Opensuse Ubuntu Linux Debian Linux +2
NVD
CVSS 2.0
5.0
EPSS
10.6%
CVE-2014-1564 MEDIUM POC THREAT This Month

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.9%.

Memory Corruption Mozilla Information Disclosure Evergreen Opensuse +2
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
13.9%
CVE-2014-1563 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +6
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2014-1553 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Evergreen +3
NVD
CVSS 2.0
10.0
EPSS
0.6%
CVE-2014-3169 HIGH This Week

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Opensuse Chrome
NVD
CVSS 2.0
7.5
EPSS
3.2%
CVE-2014-3168 HIGH This Week

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux Opensuse
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-2528 MEDIUM POC PATCH This Month

kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Kdirstat Opensuse
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2014-2527 MEDIUM POC PATCH This Month

kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Kdirstat Opensuse
NVD
CVSS 2.0
6.8
EPSS
1.0%
EPSS 9% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +8
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +6
NVD
EPSS 19% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.3%.

Information Disclosure Java Oracle +7
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via. Rated medium severity (CVSS 5.4).

Information Disclosure Java Oracle +10
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Oracle Vm Virtualbox +2
NVD
EPSS 16% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Information Disclosure Java Oracle +8
NVD
EPSS 0% CVSS 3.2
LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Opensuse +1
NVD
EPSS 0% CVSS 3.2
LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Opensuse +1
NVD
EPSS 0% CVSS 3.2
LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Opensuse +1
NVD
EPSS 0% CVSS 3.2
LOW Monitor

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Opensuse +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pillow Solaris +2
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile Opensuse +3
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM POC This Month

Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gcab Opensuse
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Microsoft +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Seamonkey +2
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Mozilla Denial Of Service +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark +4
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel +18
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +17
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly. Rated medium severity (CVSS 6.9).

Denial Of Service Race Condition Linux +12
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Xen Opensuse
NVD
EPSS 7% CVSS 5.0
MEDIUM This Month

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Strongswan +4
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libssh Debian Linux +3
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Mageia +7
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 +11
NVD GitHub
EPSS 2% CVSS 5.0
MEDIUM This Month

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Pcre +10
NVD
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Authentication Bypass Linux Kernel +4
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Horizon Fedora +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog. Rated medium severity (CVSS 4.7).

Denial Of Service Xen Opensuse
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and. Rated medium severity (CVSS 4.4).

Denial Of Service Xen Opensuse
NVD
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

RCE Buffer Overflow Opensuse +5
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Kwebkitpart Kde Runtime +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mageia Debian Linux +4
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Fedora Openvas Manager +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Denial Of Service Enterprise Linux Enterprise Linux Desktop +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via. Rated medium severity (CVSS 4.7).

Denial Of Service Debian Linux Xen +1
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Phpmyadmin +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Opensuse +1
NVD GitHub
EPSS 2% CVSS 7.1
HIGH PATCH This Week

The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ubuntu Linux Debian Linux +2
NVD
EPSS 28% CVSS 5.0
MEDIUM POC THREAT This Month

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

Integer Overflow Denial Of Service Opensuse +3
NVD Exploit-DB
EPSS 0% CVSS 1.9
LOW PATCH Monitor

arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a. Rated low severity (CVSS 1.9).

Denial Of Service Debian Linux Xen +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable.

Denial Of Service Opensuse Debian Linux +1
NVD
EPSS 0% CVSS 5.0
MEDIUM POC PATCH This Month

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Opensuse Rails +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Freerdp Opensuse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Buffer Overflow Ubuntu Linux +5
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls +6
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +8
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Rails Ruby On Rails +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS CSRF Opensuse +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Enterprise Linux Desktop +5
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Information Disclosure Buffer Overflow +4
NVD GitHub
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Phpmyadmin +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Qemu +1
NVD
EPSS 10% CVSS 5.0
MEDIUM POC This Month

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opensuse Ubuntu Linux +2
NVD VulDB
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The VGA emulator in QEMU allows local guest users to read host memory by setting the display to a high resolution. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Qemu Debian Linux +10
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Horizon Opensuse
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Bundler Opensuse +1
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure OpenSSL Opensuse +3
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of. Rated low severity (CVSS 1.9).

Denial Of Service D Bus Dbus +1
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Debian Linux Cacti +1
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Debian Linux +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Claws Mail Opensuse
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Opensuse +1
NVD GitHub
EPSS 89% 6.0 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 89.0%.

Integer Overflow Adobe RCE +8
NVD Exploit-DB
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Buffer Overflow +9
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Glibc +1
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen +3
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Race Condition Denial Of Service Fedora +3
NVD
EPSS 0% CVSS 3.6
LOW POC Monitor

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/,. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Solaris +2
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Opensuse D Bus +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service D Bus Dbus +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to. Rated medium severity (CVSS 4.4). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 2% CVSS 5.0
MEDIUM POC PATCH This Month

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Miniupnp +1
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Google RCE +6
NVD
EPSS 11% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Denial Of Service Buffer Overflow Opensuse +4
NVD
EPSS 14% CVSS 4.3
MEDIUM POC THREAT This Month

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.9%.

Memory Corruption Mozilla Information Disclosure +4
NVD Exploit-DB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +8
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +5
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome +2
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Kdirstat Opensuse
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Kdirstat Opensuse
NVD
Prev Page 8 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy