Skip to main content

Opensuse

1196 CVEs product

Monthly

CVE-2014-0483 PyPI LOW POC PATCH Monitor

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Python Privilege Escalation Opensuse Django
NVD GitHub
CVSS 2.0
3.5
EPSS
0.4%
CVE-2014-0482 PyPI MEDIUM PATCH This Month

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Opensuse Django
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2014-0481 PyPI MEDIUM PATCH This Month

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Python File Upload Opensuse Django +1
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-0480 PyPI MEDIUM PATCH This Month

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Opensuse Django
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2014-3589 PyPI MEDIUM PATCH This Month

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Python Imaging Pillow Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.4%
CVE-2014-5149 MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-5146 MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2014-3594 PyPI LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Horizon Opensuse
NVD
CVSS 2.0
3.5
EPSS
0.6%
CVE-2014-5274 PHP LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin Opensuse
NVD GitHub
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-2524 LOW PATCH Monitor

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. Rated low severity (CVSS 3.3).

Information Disclosure Mageia Readline Opensuse Fedora
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2014-3528 MEDIUM This Month

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Opensuse Subversion Ubuntu Linux +6
NVD
CVSS 2.0
4.0
EPSS
3.4%
CVE-2014-3522 MEDIUM PATCH This Month

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Information Disclosure Apache Subversion Opensuse Ubuntu Linux +1
NVD
CVSS 2.0
4.0
EPSS
2.6%
CVE-2014-3429 PyPI MEDIUM PATCH This Month

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Opensuse Ipython Notebook Mageia
NVD GitHub
CVSS 2.0
6.8
EPSS
2.1%
CVE-2013-4159 HIGH This Week

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ctdb Opensuse Mageia
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-5177 LOW PATCH Monitor

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity. Rated low severity (CVSS 1.2).

XXE Enterprise Virtualization Opensuse Enterprise Linux Libvirt
NVD
CVSS 2.0
1.2
EPSS
0.1%
CVE-2014-0179 LOW PATCH Monitor

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction. Rated low severity (CVSS 1.9).

Denial Of Service XXE Libvirt Enterprise Virtualization Opensuse +1
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-4987 MEDIUM This Month

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Opensuse Phpmyadmin
NVD GitHub
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-4943 MEDIUM POC PATCH This Month

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. Rated medium severity (CVSS 6.9). Public exploit code available.

Privilege Escalation Linux Linux Kernel Opensuse Linux Enterprise Desktop +3
NVD Exploit-DB GitHub
CVSS 2.0
6.9
EPSS
1.0%
CVE-2014-3533 LOW Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Dbus Mageia Opensuse
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3532 LOW PATCH Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse Debian Linux Mageia +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3487 MEDIUM PATCH This Month

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.5%.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 2.0
4.3
EPSS
14.5%
CVE-2014-3480 MEDIUM PATCH This Month

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 3.1
6.5
EPSS
8.1%
CVE-2014-3479 MEDIUM PATCH This Month

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.8%.

Denial Of Service PHP File Debian Linux Opensuse +1
NVD GitHub
CVSS 2.0
4.3
EPSS
14.8%
CVE-2014-0207 MEDIUM PATCH This Month

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow File Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
9.2%
CVE-2014-0247 CRITICAL Act Now

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fedora Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 2.0
10.0
EPSS
6.6%
CVE-2014-4002 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Opensuse Cacti
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-4608 HIGH PATCH This Week

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Linux Buffer Overflow Linux Kernel +4
NVD GitHub
CVSS 3.1
7.3
EPSS
8.6%
CVE-2014-3494 MEDIUM POC This Month

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Opensuse Kdelibs
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4617 MEDIUM This Month

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnupg Debian Linux Opensuse
NVD
CVSS 2.0
5.0
EPSS
8.0%
CVE-2014-4049 MEDIUM PATCH This Month

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 30.7%.

Denial Of Service RCE PHP Buffer Overflow Opensuse +1
NVD GitHub
CVSS 2.0
5.1
EPSS
30.7%
CVE-2014-4165 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Opensuse Ntop
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-3004 Maven MEDIUM POC PATCH This Month

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XXE Castor Opensuse
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
3.6%
CVE-2014-2978 CRITICAL Act Now

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Directfb Opensuse +4
NVD
CVSS 2.0
10.0
EPSS
8.1%
CVE-2014-2977 CRITICAL Act Now

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Opensuse Linux Enterprise Desktop +4
NVD
CVSS 2.0
10.0
EPSS
9.6%
CVE-2014-1542 MEDIUM This Month

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Opensuse Firefox +1
NVD
CVSS 2.0
6.8
EPSS
4.7%
CVE-2014-3470 MEDIUM PATCH This Month

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 91.4%.

OpenSSL Denial Of Service Null Pointer Dereference Storage Fedora +8
NVD
CVSS 2.0
4.3
EPSS
91.4%
CVE-2014-0224 HIGH POC PATCH THREAT Act Now

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.7%.

Information Disclosure OpenSSL Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Web Server +12
NVD
CVSS 3.1
7.4
EPSS
89.7%
Threat
5.7
CVE-2014-0221 MEDIUM PATCH This Month

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 82.1%.

Denial Of Service OpenSSL Storage Fedora Enterprise Linux +7
NVD
CVSS 2.0
4.3
EPSS
82.1%
CVE-2014-0195 MEDIUM POC PATCH THREAT This Month

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.8%.

OpenSSL Denial Of Service RCE Buffer Overflow MariaDB +3
NVD GitHub
CVSS 2.0
6.8
EPSS
92.8%
Threat
5.6
CVE-2014-3968 MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
5.5
EPSS
0.4%
CVE-2014-3967 MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
CVSS 2.0
5.5
EPSS
0.3%
CVE-2014-3730 PyPI MEDIUM PATCH This Month

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Open Redirect Ubuntu Linux Django Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-1909 HIGH POC This Week

Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Buffer Overflow Android Debug Bridge Android Sdk Platform Tools +1
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2012-1600 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phppgadmin Opensuse
NVD GitHub
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1934 PyPI LOW PATCH Monitor

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.3).

Python Information Disclosure Eyed3 Opensuse
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2014-0190 MEDIUM This Month

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Null Pointer Dereference Qt Fedora Opensuse +1
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2014-2913 HIGH POC THREAT Act Now

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Information Disclosure Remote Plugin Executor Opensuse
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
18.6%
CVE-2013-7336 LOW PATCH Monitor

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a. Rated low severity (CVSS 1.9).

Denial Of Service Libvirt Opensuse
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-0198 MEDIUM PATCH This Month

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 33.0%.

OpenSSL Denial Of Service Null Pointer Dereference MariaDB Fedora +6
NVD VulDB
CVSS 2.0
4.3
EPSS
33.0%
CVE-2014-1532 CRITICAL POC Act Now

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +16
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2014-1531 HIGH POC This Week

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +16
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2014-1530 MEDIUM This Month

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Seamonkey Thunderbird +12
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2014-1529 HIGH POC This Week

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox Seamonkey Thunderbird +12
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2014-1528 CRITICAL Act Now

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Microsoft RCE +6
NVD VulDB
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1526 MEDIUM PATCH This Month

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Mozilla Privilege Escalation Firefox Seamonkey Ubuntu Linux +2
NVD VulDB
CVSS 2.0
6.8
EPSS
0.7%
CVE-2014-1525 CRITICAL PATCH Act Now

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +6
NVD VulDB
CVSS 2.0
9.3
EPSS
1.9%
CVE-2014-1524 CRITICAL POC Act Now

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +14
NVD
CVSS 3.1
9.8
EPSS
6.4%
CVE-2014-1523 MEDIUM This Month

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Mozilla Buffer Overflow Firefox +14
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2014-1522 CRITICAL POC Act Now

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Mozilla Buffer Overflow RCE +5
NVD VulDB
CVSS 2.0
9.3
EPSS
0.8%
CVE-2014-1519 CRITICAL POC PATCH Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +4
NVD VulDB
CVSS 2.0
9.3
EPSS
2.2%
CVE-2014-1518 HIGH POC This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Firefox +14
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2014-0187 CRITICAL Act Now

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Neutron Ubuntu Linux Opensuse
NVD VulDB
CVSS 2.0
9.0
EPSS
0.5%
CVE-2014-2893 LOW Monitor

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Opensuse Clang
NVD VulDB
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-2554 MEDIUM This Month

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Opensuse Otrs
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-2328 MEDIUM PATCH This Month

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Cacti Fedora Opensuse +1
NVD VulDB
CVSS 2.0
6.5
EPSS
1.1%
CVE-2014-2327 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cacti Debian Linux Opensuse
NVD VulDB
CVSS 2.0
6.8
EPSS
0.4%
CVE-2012-0871 MEDIUM This Month

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Systemd Opensuse
NVD VulDB
CVSS 2.0
6.3
EPSS
0.1%
CVE-2014-0157 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-0128 MEDIUM This Month

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 55.0% and no vendor patch available.

Denial Of Service Squid Opensuse
NVD VulDB
CVSS 2.0
5.0
EPSS
55.0%
CVE-2014-1716 HIGH This Week

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Google Code Injection Chrome +2
NVD VulDB
CVSS 2.0
7.5
EPSS
1.1%
CVE-2014-2525 MEDIUM POC THREAT This Month

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 63.2%.

RCE Buffer Overflow Libyaml Leap Opensuse
NVD VulDB
CVSS 2.0
6.8
EPSS
63.2%
Threat
4.8
CVE-2014-0133 HIGH Act Now

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.9% and no vendor patch available.

Nginx Memory Corruption Buffer Overflow RCE Opensuse
NVD VulDB
CVSS 2.0
7.5
EPSS
20.9%
CVE-2014-2326 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Fedora Opensuse Cacti +1
NVD VulDB
CVSS 2.0
4.3
EPSS
1.3%
CVE-2014-2386 MEDIUM This Month

Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Icinga Opensuse
NVD VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1514 CRITICAL POC Act Now

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla Buffer Overflow RCE +16
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2014-1513 HIGH POC This Week

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla Buffer Overflow RCE +16
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2014-1512 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Memory Corruption Mozilla RCE Use After Free Firefox +15
NVD
CVSS 2.0
10.0
EPSS
12.9%
CVE-2014-1511 CRITICAL POC THREAT Emergency

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

Mozilla Privilege Escalation Firefox Seamonkey Thunderbird +13
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
70.5%
Threat
5.6
CVE-2014-1510 CRITICAL POC THREAT Emergency

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.1%.

Mozilla Privilege Escalation Google Firefox Seamonkey +15
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
71.1%
Threat
5.6
CVE-2014-1509 HIGH POC This Week

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE Firefox Seamonkey +13
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2014-1508 CRITICAL POC Act Now

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla Buffer Overflow Firefox +15
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2014-1505 HIGH POC This Week

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +13
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2014-1504 LOW Monitor

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Privilege Escalation Firefox Seamonkey +5
NVD VulDB
CVSS 2.0
2.6
EPSS
0.6%
CVE-2014-1502 MEDIUM This Month

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse Linux Enterprise Desktop Linux Enterprise Server +4
NVD VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-1500 MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Opensuse Solaris Firefox +4
NVD VulDB
CVSS 2.0
5.0
EPSS
2.3%
CVE-2014-1499 MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +4
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-1498 MEDIUM This Month

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Denial Of Service Linux Enterprise Desktop Linux Enterprise Server +5
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1497 HIGH POC This Week

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla Buffer Overflow Firefox +15
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2014-1494 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Seamonkey +6
NVD VulDB
CVSS 2.0
9.3
EPSS
0.6%
CVE-2014-1493 CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +15
NVD
CVSS 3.1
9.8
EPSS
1.5%
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Python Privilege Escalation Opensuse +1
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Python Authentication Bypass Opensuse +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Python File Upload +3
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Python Information Disclosure Opensuse +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow before 2.3.2 and 2.5.x before 2.5.2 allows remote attackers to cause a denial of service via a crafted block size. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Python Imaging +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a. Rated medium severity (CVSS 4.7).

Denial Of Service Opensuse Xen
NVD
EPSS 1% CVSS 3.5
LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Horizon Opensuse
NVD
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Phpmyadmin Opensuse
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. Rated low severity (CVSS 3.3).

Information Disclosure Mageia Readline +2
NVD
EPSS 3% CVSS 4.0
MEDIUM This Month

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Opensuse +8
NVD
EPSS 3% CVSS 4.0
MEDIUM PATCH This Month

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Information Disclosure Apache Subversion +3
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Opensuse +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related to "several temp file vulnerabilities" in (1) tcp/tcp_connect.c, (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ctdb Opensuse +1
NVD
EPSS 0% CVSS 1.2
LOW PATCH Monitor

libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity. Rated low severity (CVSS 1.2).

XXE Enterprise Virtualization Opensuse +2
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction. Rated low severity (CVSS 1.9).

Denial Of Service XXE Libvirt +3
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Opensuse +1
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM POC PATCH This Month

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. Rated medium severity (CVSS 6.9). Public exploit code available.

Privilege Escalation Linux Linux Kernel +5
NVD Exploit-DB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Debian Linux Dbus +2
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse +3
NVD
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.5%.

Denial Of Service PHP File +3
NVD GitHub
EPSS 8% CVSS 6.5
MEDIUM PATCH This Month

The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP File +3
NVD GitHub
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.8%.

Denial Of Service PHP File +3
NVD GitHub
EPSS 9% CVSS 6.5
MEDIUM PATCH This Month

The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service PHP Buffer Overflow +4
NVD GitHub
EPSS 7% CVSS 10.0
CRITICAL Act Now

LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fedora Enterprise Linux Desktop +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS PHP Opensuse +1
NVD
EPSS 9% CVSS 7.3
HIGH PATCH This Week

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Linux +6
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Opensuse Kdelibs
NVD
EPSS 8% CVSS 5.0
MEDIUM This Month

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gnupg Debian Linux +1
NVD
EPSS 31% CVSS 5.1
MEDIUM PATCH This Month

Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 30.7%.

Denial Of Service RCE PHP +3
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Opensuse Ntop
NVD
EPSS 4% CVSS 4.3
MEDIUM POC PATCH This Month

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XXE Castor Opensuse
NVD Exploit-DB
EPSS 8% CVSS 10.0
CRITICAL Act Now

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +6
NVD
EPSS 10% CVSS 10.0
CRITICAL Act Now

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow +6
NVD
EPSS 5% CVSS 6.8
MEDIUM This Month

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE +3
NVD
EPSS 91% CVSS 4.3
MEDIUM PATCH This Month

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 91.4%.

OpenSSL Denial Of Service Null Pointer Dereference +10
NVD
EPSS 90% 5.7 CVSS 7.4
HIGH POC PATCH THREAT Act Now

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.7%.

Information Disclosure OpenSSL Jboss Enterprise Application Platform +14
NVD
EPSS 82% CVSS 4.3
MEDIUM PATCH This Month

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 82.1%.

Denial Of Service OpenSSL Storage +9
NVD
EPSS 93% 5.6 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.8%.

OpenSSL Denial Of Service RCE +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Opensuse
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Open Redirect Ubuntu Linux +3
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Buffer Overflow +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Phppgadmin +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file. Rated low severity (CVSS 3.3).

Python Information Disclosure Eyed3 +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Null Pointer Dereference Qt +3
NVD
EPSS 19% CVSS 7.5
HIGH POC THREAT Act Now

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Information Disclosure Remote Plugin Executor Opensuse
NVD Exploit-DB
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a. Rated low severity (CVSS 1.9).

Denial Of Service Libvirt Opensuse
NVD
EPSS 33% CVSS 4.3
MEDIUM PATCH This Month

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 33.0%.

OpenSSL Denial Of Service Null Pointer Dereference +8
NVD VulDB
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free +18
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free +18
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox +14
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox +14
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +8
NVD VulDB
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Mozilla Privilege Escalation Firefox +4
NVD VulDB
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +8
NVD VulDB
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow +16
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Mozilla +16
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Mozilla +7
NVD VulDB
EPSS 2% CVSS 9.3
CRITICAL POC PATCH Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Mozilla RCE +6
NVD VulDB
EPSS 3% CVSS 8.8
HIGH POC This Week

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla RCE +16
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Neutron Ubuntu Linux +1
NVD VulDB
EPSS 0% CVSS 1.9
LOW Monitor

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary. Rated low severity (CVSS 1.9). No vendor patch available.

Information Disclosure Opensuse Clang
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Opensuse Otrs
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Cacti +3
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cacti Debian Linux +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Systemd Opensuse
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Horizon Opensuse
NVD VulDB
EPSS 55% CVSS 5.0
MEDIUM This Month

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 55.0% and no vendor patch available.

Denial Of Service Squid Opensuse
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Google +4
NVD VulDB
EPSS 63% 4.8 CVSS 6.8
MEDIUM POC THREAT This Month

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 63.2%.

RCE Buffer Overflow Libyaml +2
NVD VulDB
EPSS 21% CVSS 7.5
HIGH Act Now

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.9% and no vendor patch available.

Nginx Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Fedora +3
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Icinga +1
NVD VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla +18
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla +18
NVD
EPSS 13% CVSS 10.0
CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Memory Corruption Mozilla RCE +17
NVD
EPSS 70% 5.6 CVSS 9.8
CRITICAL POC THREAT Emergency

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

Mozilla Privilege Escalation Firefox +15
NVD Exploit-DB
EPSS 71% 5.6 CVSS 9.8
CRITICAL POC THREAT Emergency

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.1%.

Mozilla Privilege Escalation Google +17
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE +15
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla +17
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox +15
NVD
EPSS 1% CVSS 2.6
LOW Monitor

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Privilege Escalation +7
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse +6
NVD VulDB
EPSS 2% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Opensuse +6
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop +6
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Denial Of Service +7
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla +17
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +8
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow +17
NVD
Prev Page 9 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy