Skip to main content

Ubuntu Linux

3390 CVEs product

Monthly

CVE-2020-14385 MEDIUM PATCH This Month

A flaw was found in the Linux kernel before 5.9-rc4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-14314 MEDIUM PATCH This Month

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-14362 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14361 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14346 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server Ubuntu Linux Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14345 HIGH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation X Server Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8927 LIB MEDIUM PATCH This Month

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Brotli Debian Linux Fedora Ubuntu Linux +6
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2020-25285 MEDIUM PATCH This Month

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly. Rated medium severity (CVSS 6.4).

Race Condition Denial Of Service Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-25219 HIGH POC This Week

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libproxy Debian Linux Fedora Leap +1
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-24916 CRITICAL POC PATCH THREAT Act Now

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Yaws Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
17.4%
CVE-2020-24379 CRITICAL POC PATCH Act Now

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Yaws Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2020-25212 HIGH PATCH This Week

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in. Rated high severity (CVSS 7.0).

Linux Information Disclosure Linux Kernel Debian Linux Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-1968 LOW PATCH Monitor

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Ubuntu Linux Debian Linux Jd Edwards World Security +11
NVD
CVSS 3.1
3.7
EPSS
1.0%
CVE-2020-24659 HIGH POC This Week

An issue was discovered in GnuTLS before 3.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls Fedora Leap +1
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-7729 npm HIGH POC PATCH This Week

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

RCE Grunt Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-24654 LOW PATCH Monitor

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ark Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
3.3
EPSS
1.5%
CVE-2020-15811 MEDIUM PATCH This Month

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Squid Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
4.2%
CVE-2020-15810 MEDIUM This Month

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling Authentication Bypass Squid Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-24584 PyPI HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2020-24583 PyPI HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2020-14364 MEDIUM PATCH This Month

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).

Buffer Overflow RCE Denial Of Service Information Disclosure Qemu +6
NVD
CVSS 3.1
5.0
EPSS
5.4%
CVE-2020-12829 LOW PATCH Monitor

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2020-14415 LOW PATCH Monitor

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Qemu Ubuntu Linux
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2020-24606 HIGH PATCH This Week

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-14367 MEDIUM PATCH This Month

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Path Traversal Chrony Fedora Ubuntu Linux
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-14350 HIGH This Week

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Debian Linux Leap Ubuntu Linux
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2020-8624 MEDIUM This Month

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bind Steelstore Cloud Integrated Storage Ubuntu Linux Debian Linux +2
NVD
CVSS 3.1
4.3
EPSS
3.6%
CVE-2020-8623 HIGH This Week

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Leap Debian Linux +3
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2020-8622 MEDIUM PATCH This Month

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Bind Fedora Debian Linux Ubuntu Linux +4
NVD
CVSS 3.1
6.5
EPSS
5.5%
CVE-2020-8621 HIGH This Week

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap Ubuntu Linux Dns Server +1
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-8620 HIGH This Week

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap Steelstore Cloud Integrated Storage Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-15862 HIGH PATCH This Week

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Net Snmp Ubuntu Linux Cloud Backup Hci Management Node +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-15861 HIGH PATCH This Week

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Net Snmp Ubuntu Linux Cloud Backup Smi S Provider +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-14356 HIGH POC PATCH This Week

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Enterprise Linux +8
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-24394 HIGH PATCH This Week

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Linux Information Disclosure Linux Kernel Ubuntu Linux Leap +2
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-17538 MEDIUM POC This Month

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16310 MEDIUM POC This Month

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16309 MEDIUM POC This Month

A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16308 MEDIUM POC This Month

A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16307 MEDIUM POC This Month

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16306 MEDIUM POC This Month

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16305 MEDIUM POC This Month

A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16304 MEDIUM POC This Month

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16303 HIGH POC This Week

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2020-16302 MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16301 MEDIUM POC This Month

A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16300 MEDIUM POC This Month

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16299 MEDIUM POC This Month

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16298 MEDIUM POC This Month

A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16297 MEDIUM POC PATCH This Month

A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16296 MEDIUM POC This Month

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2020-16295 MEDIUM POC This Month

A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16294 MEDIUM POC This Month

A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-16293 MEDIUM POC This Month

A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2020-16292 MEDIUM POC This Month

A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16291 MEDIUM POC PATCH This Month

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2020-16290 MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16289 MEDIUM POC This Month

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16288 MEDIUM POC This Month

A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
2.0%
CVE-2020-16287 MEDIUM POC This Month

A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ghostscript Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2020-12674 HIGH POC This Week

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Dovecot Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2020-12673 HIGH POC This Week

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Dovecot Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
6.2%
CVE-2020-12100 HIGH POC This Week

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dovecot Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-17489 MEDIUM POC This Month

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnome Shell Ubuntu Linux Debian Linux Leap
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-16092 LOW PATCH Monitor

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux Ubuntu Linux Leap
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2020-15659 HIGH PATCH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +4
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-15658 MEDIUM This Month

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15656 HIGH This Week

JIT optimizations involving the Javascript arguments object could confuse later optimizations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Information Disclosure Firefox Firefox Esr +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-15655 MEDIUM This Month

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird +2
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-15654 MEDIUM This Month

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15653 MEDIUM This Month

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-15652 MEDIUM This Month

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-9490 HIGH PATCH This Week

Apache HTTP Server versions 2.4.20 to 2.4.43. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Apache Request Smuggling Denial Of Service Http Server Communications Element Manager +23
NVD
CVSS 3.1
7.5
EPSS
89.7%
CVE-2020-11993 HIGH POC PATCH THREAT This Week

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Request Smuggling Information Disclosure Http Server Clustered Data Ontap +11
NVD
CVSS 3.1
7.5
EPSS
58.7%
CVE-2020-11984 CRITICAL POC THREAT Act Now

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apache Http Server Clustered Data Ontap Ubuntu Linux +10
NVD
CVSS 3.1
9.8
EPSS
90.0%
CVE-2020-15702 HIGH This Week

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Apport Ubuntu Linux
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2020-15701 MEDIUM POC This Month

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apport Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-14347 MEDIUM PATCH This Month

A flaw was found in the way xserver memory was not properly initialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure X Server Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-14344 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Red Hat Integer Overflow Libx11 Fedora +2
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-16116 LOW PATCH Monitor

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ark Debian Linux Fedora Leap +1
NVD GitHub
CVSS 3.1
3.3
EPSS
1.7%
CVE-2020-14311 MEDIUM This Month

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 Enterprise Linux Enterprise Linux Eus +4
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-14310 MEDIUM This Month

There is an issue on grub2 before version 2.06 at function read_section_as_string(). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 Enterprise Linux Enterprise Linux Eus +4
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-16166 LOW PATCH Monitor

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Linux Information Disclosure Linux Kernel Leap Fedora +12
NVD GitHub
CVSS 3.1
3.7
EPSS
5.3%
CVE-2020-16135 MEDIUM POC PATCH This Month

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Libssh Debian Linux Fedora +2
NVD
CVSS 3.1
5.9
EPSS
4.1%
CVE-2020-15707 MEDIUM POC PATCH This Month

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.

Ubuntu Buffer Overflow Race Condition Debian RCE +16
NVD
CVSS 3.1
6.4
EPSS
1.6%
CVE-2020-15706 MEDIUM PATCH This Month

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).

Race Condition RCE Grub2 Enterprise Linux Atomic Host Openshift Container Platform +11
NVD
CVSS 3.1
6.4
EPSS
1.0%
CVE-2020-15705 MEDIUM PATCH This Month

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. Rated medium severity (CVSS 6.4).

Jwt Attack Authentication Bypass Grub2 Enterprise Linux Atomic Host Openshift Container Platform +11
NVD
CVSS 3.1
6.4
EPSS
1.4%
CVE-2020-11934 MEDIUM This Month

It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Information Disclosure Ubuntu Linux
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-11933 MEDIUM This Month

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubuntu Privilege Escalation Snapd Ubuntu Linux
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-15900 CRITICAL PATCH Act Now

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel before 5.9-rc4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Information Disclosure +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation X Server +1
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Brotli Debian Linux +8
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly. Rated medium severity (CVSS 6.4).

Race Condition Denial Of Service Linux +3
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libproxy Debian Linux +3
NVD GitHub
EPSS 17% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Yaws Ubuntu Linux +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Yaws Ubuntu Linux +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in. Rated high severity (CVSS 7.0).

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Ubuntu Linux +13
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

An issue was discovered in GnuTLS before 3.6.15. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gnutls +3
NVD
EPSS 2% CVSS 7.1
HIGH POC PATCH This Week

The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

RCE Grunt Debian Linux +1
NVD GitHub
EPSS 1% CVSS 3.3
LOW PATCH Monitor

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ark Ubuntu Linux +3
NVD GitHub
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Squid Ubuntu Linux +3
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM This Month

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling Authentication Bypass Squid +4
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Python Django +3
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. Rated medium severity (CVSS 5.0).

Buffer Overflow RCE Denial Of Service +8
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer position. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Qemu Ubuntu Linux
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Ubuntu Linux +3
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Path Traversal Chrony +2
NVD
EPSS 1% CVSS 7.3
HIGH This Week

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Debian Linux +2
NVD
EPSS 4% CVSS 4.3
MEDIUM This Month

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Bind Steelstore Cloud Integrated Storage +4
NVD
EPSS 6% CVSS 7.5
HIGH This Week

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora +5
NVD
EPSS 6% CVSS 6.5
MEDIUM PATCH This Month

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Bind Fedora +6
NVD
EPSS 3% CVSS 7.5
HIGH This Week

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap +3
NVD
EPSS 4% CVSS 7.5
HIGH This Week

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Net Snmp Ubuntu Linux +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Net Snmp Ubuntu Linux +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service +10
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Linux Information Disclosure Linux Kernel +4
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux +1
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ghostscript +2
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ghostscript Debian Linux +1
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ghostscript Debian Linux +1
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ghostscript +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +3
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Dovecot +3
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Dovecot +3
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dovecot Debian Linux +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gnome Shell Ubuntu Linux +2
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

In QEMU through 5.0.0, an assertion failure can occur in the network packet processing. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Mozilla +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

JIT optimizations involving the Javascript arguments object could confuse later optimizations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Memory Corruption Information Disclosure +5
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +3
NVD
EPSS 90% CVSS 7.5
HIGH PATCH This Week

Apache HTTP Server versions 2.4.20 to 2.4.43. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Apache Request Smuggling Denial Of Service +25
NVD
EPSS 59% CVSS 7.5
HIGH POC PATCH THREAT This Week

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Request Smuggling Information Disclosure +13
NVD
EPSS 90% CVSS 9.8
CRITICAL POC THREAT Act Now

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apache Http Server +12
NVD
EPSS 0% CVSS 7.0
HIGH This Week

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Apport Ubuntu Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apport Ubuntu Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the way xserver memory was not properly initialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure X Server Debian Linux +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Red Hat Integer Overflow +4
NVD
EPSS 2% CVSS 3.3
LOW PATCH Monitor

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ark Debian Linux +3
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 +6
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

There is an issue on grub2 before version 2.06 at function read_section_as_string(). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 +6
NVD
EPSS 5% CVSS 3.7
LOW PATCH Monitor

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Linux Information Disclosure Linux Kernel +14
NVD GitHub
EPSS 4% CVSS 5.9
MEDIUM POC PATCH This Month

libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Libssh +4
NVD
EPSS 2% CVSS 6.4
MEDIUM POC PATCH This Month

Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not. Rated medium severity (CVSS 6.4). Public exploit code available.

Ubuntu Buffer Overflow Race Condition +18
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already. Rated medium severity (CVSS 6.4).

Race Condition RCE Grub2 +13
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. Rated medium severity (CVSS 6.4).

Jwt Attack Authentication Bypass Grub2 +13
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Information Disclosure Ubuntu Linux
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Ubuntu Privilege Escalation Snapd +1
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript +2
NVD GitHub
Prev Page 2 of 38 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy