Skip to main content

Solaris

485 CVEs product

Monthly

CVE-2015-2571 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Debian Linux +11
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-2568 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security :. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Communications Policy Management MySQL +12
NVD
CVSS 2.0
5.0
EPSS
4.0%
CVE-2015-0505 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +11
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-0499 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Debian Linux +11
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-0471 MEDIUM This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2015-0448 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
7.2
EPSS
0.2%
CVE-2015-0433 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Communications Policy Management MySQL Solaris +12
NVD
CVSS 2.0
4.0
EPSS
0.5%
CVE-2015-0251 MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 2.0
4.0
EPSS
1.1%
CVE-2015-0248 MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse Xcode Enterprise Linux Desktop +5
NVD
CVSS 2.0
5.0
EPSS
15.8%
CVE-2015-0798 MEDIUM This Month

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google Solaris Firefox +1
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-1351 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Memory Corruption PHP Denial Of Service Use After Free Secure Backup +3
NVD
CVSS 2.0
7.5
EPSS
19.1%
CVE-2015-2317 PyPI MEDIUM PATCH This Month

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Debian Linux Fedora Opensuse +3
NVD
CVSS 2.0
4.3
EPSS
4.3%
CVE-2015-2316 PyPI MEDIUM PATCH This Month

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Solaris Django Ubuntu Linux +2
NVD
CVSS 2.0
5.0
EPSS
2.0%
CVE-2015-2155 HIGH PATCH This Week

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Debian Linux Fedora Opensuse +2
NVD
CVSS 2.0
7.5
EPSS
4.5%
CVE-2015-2190 MEDIUM This Month

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark Solaris
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-2189 MEDIUM This Month

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Linux Solaris +3
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-2188 MEDIUM This Month

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Mageia Opensuse +3
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0829 MEDIUM This Month

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Ubuntu Linux Opensuse +2
NVD
CVSS 2.0
6.8
EPSS
2.2%
CVE-2015-0828 MEDIUM This Month

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Solaris +2
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2014-9512 MEDIUM POC This Month

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Opensuse Solaris
NVD
CVSS 2.0
6.4
EPSS
8.9%
CVE-2014-9674 HIGH POC PATCH This Week

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Ubuntu Linux Solaris Fedora +8
NVD
CVSS 2.0
7.5
EPSS
5.1%
CVE-2014-9672 MEDIUM POC PATCH This Month

Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Solaris Debian Linux Ubuntu Linux +2
NVD
CVSS 2.0
5.8
EPSS
4.7%
CVE-2014-9671 MEDIUM POC PATCH This Month

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus Enterprise Linux Server +7
NVD
CVSS 2.0
4.3
EPSS
3.2%
CVE-2014-9670 MEDIUM POC PATCH This Month

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Debian Linux Opensuse Fedora Solaris +8
NVD
CVSS 2.0
4.3
EPSS
5.0%
CVE-2014-9669 MEDIUM POC PATCH This Month

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Ubuntu Linux Freetype +10
NVD
CVSS 2.0
6.8
EPSS
2.4%
CVE-2014-9666 MEDIUM POC PATCH This Month

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Opensuse Solaris Ubuntu Linux +9
NVD
CVSS 2.0
6.8
EPSS
1.4%
CVE-2014-9664 MEDIUM POC PATCH This Month

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus +9
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2014-9663 HIGH POC PATCH This Week

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freetype Debian Linux Opensuse +9
NVD
CVSS 2.0
7.5
EPSS
2.6%
CVE-2014-9660 HIGH POC PATCH This Week

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Opensuse Ubuntu Linux Debian Linux +9
NVD
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-9659 HIGH POC PATCH This Week

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Solaris Freetype +3
NVD
CVSS 2.0
7.5
EPSS
2.9%
CVE-2014-9658 HIGH POC PATCH This Week

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Solaris Ubuntu Linux +10
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2014-9657 HIGH POC PATCH This Week

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Opensuse Enterprise Linux Desktop +10
NVD
CVSS 2.0
7.5
EPSS
1.5%
CVE-2015-1380 MEDIUM This Month

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privoxy Solaris Opensuse
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-0432 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Ubuntu Linux Debian Linux +11
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2015-0411 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Ubuntu Linux Debian Linux Fedora +5
NVD
CVSS 2.0
7.5
EPSS
9.6%
CVE-2015-1196 MEDIUM POC PATCH This Month

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Opensuse Solaris Patch
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-1038 MEDIUM POC This Month

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Fedora Solaris P7Zip
NVD
CVSS 2.0
5.8
EPSS
3.2%
CVE-2015-0382 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management Solaris MySQL +14
NVD
CVSS 2.0
4.3
EPSS
15.2%
CVE-2015-0381 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris MySQL Ubuntu Linux +14
NVD
CVSS 2.0
4.3
EPSS
5.0%
CVE-2015-0378 LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-0374 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux Debian Linux Fedora +13
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2014-6568 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Eus +13
NVD
CVSS 2.0
3.5
EPSS
2.9%
CVE-2015-0973 HIGH POC This Week

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Solaris Libpng Mac Os X
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2014-9601 PyPI MEDIUM PATCH This Month

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pillow Solaris Fedora Opensuse
NVD GitHub
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-9496 LOW POC PATCH Monitor

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile Opensuse Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2015-0564 MEDIUM This Month

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark Linux Solaris +2
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2015-0561 MEDIUM This Month

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse Solaris
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-8145 HIGH POC THREAT Act Now

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Buffer Overflow Microsoft Sound Exchange Debian Linux Solaris
NVD
CVSS 2.0
7.5
EPSS
13.0%
CVE-2014-5353 LOW PATCH Monitor

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 Enterprise Linux Desktop Enterprise Linux Eus +9
NVD GitHub
CVSS 2.0
3.5
EPSS
0.7%
CVE-2014-8964 MEDIUM This Month

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Pcre MariaDB Fedora +8
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-6052 HIGH POC PATCH This Week

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Denial Of Service Libvncserver Solaris Debian Linux +1
NVD GitHub
CVSS 2.0
7.5
EPSS
5.2%
CVE-2014-8124 MEDIUM PATCH This Month

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Horizon Fedora Opensuse Solaris
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-8094 MEDIUM PATCH This Month

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow RCE Buffer Overflow Denial Of Service X Server +2
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-7142 MEDIUM This Month

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 64.2% and no vendor patch available.

Denial Of Service Solaris Ubuntu Linux Squid
NVD
CVSS 2.0
6.4
EPSS
64.2%
CVE-2014-8991 PyPI LOW PATCH Monitor

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Pip Solaris
NVD GitHub
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-8768 MEDIUM POC THREAT This Month

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

Integer Overflow Denial Of Service Opensuse Ubuntu Linux Solaris +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
28.3%
CVE-2014-6559 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space MariaDB Solaris +5
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-6551 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +4
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-6530 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL MariaDB +4
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6507 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB Solaris MySQL +4
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2014-6500 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris Junos Space MariaDB +1
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2014-6496 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space Solaris MariaDB +5
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6495 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL Solaris Junos Space +5
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2014-6494 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB Solaris Junos Space +5
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-6491 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL Junos Space MariaDB +1
NVD
CVSS 2.0
7.5
EPSS
2.3%
CVE-2014-6478 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space MySQL Solaris +5
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2014-6469 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MariaDB MySQL Solaris +4
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2014-6463 LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris MySQL Linux Enterprise Desktop +4
NVD
CVSS 2.0
3.3
EPSS
0.6%
CVE-2014-4274 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to. Rated medium severity (CVSS 4.1).

Information Disclosure Oracle Solaris MySQL MariaDB
NVD
CVSS 2.0
4.1
EPSS
0.2%
CVE-2014-0397 CRITICAL Act Now

Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Oracle Solaris
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-6051 HIGH PATCH This Week

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Enterprise Linux Server Aus Enterprise Linux Server Eus +4
NVD GitHub
CVSS 2.0
7.5
EPSS
6.6%
CVE-2014-5459 LOW POC Monitor

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/,. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Solaris Evergreen Opensuse
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2014-6270 MEDIUM PATCH This Month

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.2%.

Denial Of Service RCE Buffer Overflow Squid Solaris
NVD
CVSS 2.0
6.8
EPSS
18.2%
CVE-2014-1563 CRITICAL Act Now

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Mozilla Buffer Overflow +6
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2014-1561 MEDIUM This Month

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Firefox Solaris
NVD
CVSS 2.0
5.8
EPSS
0.8%
CVE-2014-1557 CRITICAL Act Now

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Code Injection Solaris Firefox +3
NVD
CVSS 2.0
9.3
EPSS
2.4%
CVE-2014-3532 LOW PATCH Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse Debian Linux Mageia +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4260 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris Debian Linux +5
NVD
CVSS 2.0
5.5
EPSS
0.5%
CVE-2014-4258 MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Vcenter Server Appliance Solaris +9
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2014-4243 LOW Monitor

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris MySQL MariaDB +3
NVD
CVSS 2.0
2.8
EPSS
0.7%
CVE-2014-1542 MEDIUM This Month

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE Opensuse Firefox +1
NVD
CVSS 2.0
6.8
EPSS
4.7%
CVE-2014-1528 CRITICAL Act Now

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow Microsoft RCE +6
NVD VulDB
CVSS 2.0
10.0
EPSS
1.3%
CVE-2014-1527 MEDIUM This Month

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Fedora Firefox +1
NVD VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-2440 MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL Solaris MariaDB +6
NVD VulDB
CVSS 2.0
5.1
EPSS
0.8%
CVE-2014-2436 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL Solaris MariaDB +6
NVD VulDB
CVSS 2.0
6.5
EPSS
0.9%
CVE-2014-2432 LOW Monitor

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris MySQL Enterprise Linux Desktop +6
NVD VulDB
CVSS 2.0
2.8
EPSS
0.8%
CVE-2014-2431 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris MySQL Enterprise Linux Desktop +6
NVD VulDB
CVSS 2.0
2.6
EPSS
1.0%
CVE-2014-2430 LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL Solaris MariaDB +6
NVD VulDB
CVSS 2.0
3.5
EPSS
0.6%
CVE-2014-2419 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris MySQL MariaDB +6
NVD VulDB
CVSS 2.0
4.0
EPSS
1.3%
CVE-2013-5704 MEDIUM POC PATCH THREAT This Month

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

Authentication Bypass Apache Http Server Enterprise Linux Desktop Enterprise Linux Eus +12
NVD VulDB
CVSS 2.0
5.0
EPSS
64.7%
Threat
4.4
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +13
NVD
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security :. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +14
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Linux Enterprise Desktop +13
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL +13
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. Rated medium severity (CVSS 4.4). No vendor patch available.

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Communications Policy Management +14
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse +7
NVD
EPSS 16% CVSS 5.0
MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse +7
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation Google +3
NVD
EPSS 19% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Memory Corruption PHP Denial Of Service +5
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Debian Linux +5
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Python Solaris +4
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Debian Linux +4
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Opensuse Wireshark +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark +5
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark +5
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE +4
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE +4
NVD
EPSS 9% CVSS 6.4
MEDIUM POC This Month

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rsync Opensuse +1
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Ubuntu Linux +10
NVD
EPSS 5% CVSS 5.8
MEDIUM POC PATCH This Month

Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Solaris +4
NVD
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Enterprise Linux Desktop Enterprise Linux Hpc Node +9
NVD
EPSS 5% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Debian Linux Opensuse +10
NVD
EPSS 2% CVSS 6.8
MEDIUM POC PATCH This Month

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Opensuse +11
NVD
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Buffer Overflow Enterprise Linux Desktop +11
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freetype +11
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Opensuse +11
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow +5
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow +12
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privoxy Solaris +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +13
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Ubuntu Linux +7
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Opensuse Solaris +1
NVD
EPSS 3% CVSS 5.8
MEDIUM POC This Month

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Fedora Solaris +1
NVD
EPSS 15% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.2%.

Information Disclosure Oracle Communications Policy Management +16
NVD
EPSS 5% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Solaris +16
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +15
NVD
EPSS 3% CVSS 3.5
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Ubuntu Linux +15
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Solaris +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Pillow Solaris +2
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Libsndfile Opensuse +3
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Wireshark +4
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wireshark Opensuse +1
NVD
EPSS 13% CVSS 7.5
HIGH POC THREAT Act Now

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Buffer Overflow Microsoft Sound Exchange +2
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Kerberos 5 +11
NVD GitHub
EPSS 2% CVSS 5.0
MEDIUM This Month

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Pcre +10
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Denial Of Service Libvncserver +3
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Horizon Fedora +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow RCE Buffer Overflow +4
NVD
EPSS 64% CVSS 6.4
MEDIUM This Month

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 64.2% and no vendor patch available.

Denial Of Service Solaris Ubuntu Linux +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Pip Solaris
NVD GitHub
EPSS 28% CVSS 5.0
MEDIUM POC THREAT This Month

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

Integer Overflow Denial Of Service Opensuse +3
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris +6
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +6
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB +6
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL +7
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle MariaDB +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MySQL +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Oracle Junos Space +7
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle MariaDB +6
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Solaris +6
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to. Rated medium severity (CVSS 4.1).

Information Disclosure Oracle Solaris +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 and 11.1 have unspecified impact and attack vectors related to "Buffer errors.". Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Oracle Solaris
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +6
NVD GitHub
EPSS 0% CVSS 3.6
LOW POC Monitor

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/,. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Solaris +2
NVD
EPSS 18% CVSS 6.8
MEDIUM PATCH This Month

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 18.2%.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +8
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Firefox +1
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Code Injection +5
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Dbus Opensuse +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +11
NVD
EPSS 1% CVSS 2.8
LOW Monitor

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris +5
NVD
EPSS 5% CVSS 6.8
MEDIUM This Month

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Buffer Overflow RCE +3
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Buffer Overflow +8
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure +3
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM PATCH This Month

Unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL +8
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL +8
NVD VulDB
EPSS 1% CVSS 2.8
LOW Monitor

Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated. Rated low severity (CVSS 2.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris +8
NVD VulDB
EPSS 1% CVSS 2.6
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Solaris +8
NVD VulDB
EPSS 1% CVSS 3.5
LOW Monitor

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle MySQL +8
NVD VulDB
EPSS 1% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris +8
NVD VulDB
EPSS 65% 4.4 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 64.7%.

Authentication Bypass Apache Http Server +14
NVD VulDB
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy