Skip to main content

Ubuntu Linux

3390 CVEs product

Monthly

CVE-2020-11099 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Leap Fedora +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-11098 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2020-11097 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-11096 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-11095 MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora Leap +2
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2020-14954 MEDIUM PATCH This Month

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Mutt Debian Linux Neomutt Fedora +2
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%
CVE-2020-8184 Ruby HIGH POC PATCH This Week

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rack Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-3350 MEDIUM This Month

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Cisco Information Disclosure Advanced Malware Protection For Endpoints Clam Antivirus +3
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-8619 MEDIUM This Month

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Leap Debian Linux +2
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2020-8618 MEDIUM This Month

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap Steelstore Cloud Integrated Storage Ubuntu Linux
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2020-14405 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libvncserver Ubuntu Linux Debian Linux Simatic Itc1500 Firmware +5
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-14404 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-14403 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2020-14402 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.9%
CVE-2020-14400 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-14399 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-14398 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libvncserver Ubuntu Linux Debian Linux Simatic Itc1500 Firmware +6
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-14397 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libvncserver Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-14396 HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libvncserver Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-14154 MEDIUM This Month

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mutt Ubuntu Linux
NVD
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-0543 MEDIUM This Month

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Simatic Itp1000 Firmware Simatic Ipc847D Firmware Simatic Ipc827D Firmware Simatic Ipc677D Firmware Simatic Ipc647D Firmware +691
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-14093 MEDIUM PATCH This Month

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Mutt Ubuntu Linux Debian Linux Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%
CVE-2020-10732 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of Userspace core dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Linux Linux Kernel Leap Ubuntu Linux +16
NVD GitHub
CVSS 3.1
4.4
EPSS
0.6%
CVE-2020-0198 HIGH PATCH This Week

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow Android Libexif +3
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-10755 PyPI MEDIUM PATCH This Month

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Openstack Cinder Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-10761 MEDIUM PATCH This Month

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux Leap Ubuntu Linux
NVD
CVSS 3.1
5.0
EPSS
1.8%
CVE-2020-10757 HIGH POC PATCH This Week

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel Leap Enterprise Linux +7
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-13974 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel 4.4 through 5.7.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-13696 MEDIUM PATCH This Month

An issue was discovered in LinuxTV xawtv before 3.107. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xawtv Debian Linux Backports Sle Leap +2
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-13625 PHP HIGH POC PATCH This Week

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Phpmailer Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-12695 HIGH This Week

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Unifi Controller Hostapd Rt N11 Adsl +213
NVD GitHub
CVSS 3.1
7.5
EPSS
15.2%
CVE-2020-12049 MEDIUM POC PATCH This Month

An issue was discovered in dbus >= 1.3.0 before 1.12.18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Dbus Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13904 MEDIUM POC PATCH This Month

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Ffmpeg Ubuntu Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-13881 HIGH PATCH This Week

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pam Tacplus Debian Linux Ubuntu Linux Cloudvision Portal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-13800 MEDIUM This Month

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Ubuntu Linux Leap
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-13765 MEDIUM PATCH This Month

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.6
EPSS
2.4%
CVE-2020-13777 HIGH This Week

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gnutls Fedora Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.4
EPSS
17.5%
CVE-2020-13596 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django Fedora Ubuntu Linux +4
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2020-13254 PyPI MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Django Ubuntu Linux Fedora +4
NVD
CVSS 3.1
5.9
EPSS
6.1%
CVE-2020-7663 Ruby HIGH POC PATCH This Week

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Websocket Extensions Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-13754 MEDIUM PATCH This Month

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-13659 LOW PATCH Monitor

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Rated low severity (CVSS 2.5).

Null Pointer Dereference Denial Of Service Qemu Debian Linux Leap +1
NVD
CVSS 3.1
2.5
EPSS
0.4%
CVE-2020-13757 PyPI HIGH POC PATCH This Week

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-12867 MEDIUM POC This Month

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sane Backends Fedora Debian Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-13362 LOW PATCH Monitor

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu Debian Linux Leap +1
NVD
CVSS 3.1
3.2
EPSS
0.4%
CVE-2020-13361 LOW PATCH Monitor

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an. Rated low severity (CVSS 3.9). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu Debian Linux Leap +1
NVD
CVSS 3.1
3.9
EPSS
0.4%
CVE-2020-13645 MEDIUM POC This Month

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Balsa Glib Networking Ubuntu Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2020-10936 HIGH POC This Week

Sympa before 6.2.56 allows privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sympa Fedora Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-13632 MEDIUM PATCH This Month

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite Fedora Ubuntu Linux +9
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13631 MEDIUM PATCH This Month

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Sqlite Fedora Ubuntu Linux Cloud Backup +14
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-13630 HIGH PATCH This Week

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Sqlite Fedora +17
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2020-13253 MEDIUM PATCH This Month

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-6831 CRITICAL PATCH Act Now

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Mozilla Memory Corruption Firefox Firefox Esr +4
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2020-12392 MEDIUM This Month

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Path Traversal Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12395 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-3812 MEDIUM POC This Month

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Netqmail Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-3811 HIGH POC This Week

qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netqmail Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-13434 MEDIUM POC PATCH This Month

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Sqlite Debian Linux Fedora +12
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-12397 MEDIUM PATCH This Month

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Thunderbird Ubuntu Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-13398 HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
8.3
EPSS
2.4%
CVE-2020-13397 MEDIUM PATCH This Month

An issue was discovered in FreeRDP before 2.1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-13396 HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.1
EPSS
2.3%
CVE-2020-10711 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Linux Null Pointer Dereference Denial Of Service Linux Kernel 3Scale +9
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2020-13113 HIGH PATCH This Week

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Libexif Debian Linux Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
8.2
EPSS
1.9%
CVE-2020-13114 HIGH PATCH This Week

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libexif Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-13112 CRITICAL PATCH Act Now

An issue was discovered in libexif before 0.6.22. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libexif Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.7%
CVE-2020-6463 HIGH This Week

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +5
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-9484 Maven HIGH POC PATCH THREAT This Week

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server;. Rated high severity (CVSS 7.0). This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache RCE Deserialization Tomcat Debian Linux +24
NVD
CVSS 3.1
7.0
EPSS
56.6%
CVE-2020-10724 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-10723 MEDIUM PATCH This Month

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-10722 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8617 MEDIUM POC PATCH THREAT This Month

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Bind Debian Linux Fedora Leap +1
NVD GitHub Exploit-DB
CVSS 3.1
5.9
EPSS
93.4%
CVE-2020-12663 HIGH PATCH This Week

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Debian Linux Leap Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-12662 HIGH PATCH This Week

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Unbound Debian Linux Leap Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-13143 MEDIUM PATCH This Month

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Leap +22
NVD
CVSS 3.1
6.5
EPSS
4.5%
CVE-2020-12888 MEDIUM This Month

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. Rated medium severity (CVSS 5.3). No vendor patch available.

Linux Information Disclosure Linux Kernel Fedora Leap +22
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-11526 LOW POC PATCH Monitor

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Leap +1
NVD GitHub
CVSS 3.1
2.2
EPSS
2.0%
CVE-2020-11525 LOW POC PATCH Monitor

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
2.2
EPSS
1.7%
CVE-2020-11524 MEDIUM POC PATCH This Month

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Memory Corruption Freerdp Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
6.6
EPSS
1.8%
CVE-2020-11523 MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.6
EPSS
2.0%
CVE-2020-11522 MEDIUM POC PATCH This Month

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-11521 MEDIUM POC PATCH This Month

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp Ubuntu Linux Leap +1
NVD GitHub
CVSS 3.1
6.6
EPSS
1.9%
CVE-2020-3810 MEDIUM POC PATCH This Month

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apt Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-11931 LOW Monitor

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Authentication Bypass Pulseaudio Ubuntu Linux
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-0093 MEDIUM PATCH This Month

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android Debian Linux +3
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2020-1945 Maven MEDIUM PATCH This Month

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. Rated medium severity (CVSS 6.3). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Java Information Disclosure Ant Ubuntu Linux +48
NVD
CVSS 3.1
6.3
EPSS
1.8%
CVE-2020-3341 HIGH This Week

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clam Antivirus Ubuntu Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2020-3327 HIGH This Week

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clam Antivirus Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2020-11058 LOW PATCH Monitor

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
2.2
EPSS
1.6%
CVE-2020-12826 MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Ubuntu Linux +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +4
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Mutt Debian Linux +4
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rack Debian Linux +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the. Rated medium severity (CVSS 6.3). No vendor patch available.

Race Condition Cisco Information Disclosure +5
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Bind Leap +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libvncserver Ubuntu Linux +7
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver +8
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver +8
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libvncserver +8
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Debian Linux +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Debian Linux +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libvncserver Ubuntu Linux +8
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libvncserver +9
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in LibVNCServer before 0.9.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libvncserver +8
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM This Month

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Mutt Ubuntu Linux
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Simatic Itp1000 Firmware Simatic Ipc847D Firmware Simatic Ipc827D Firmware +693
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Mutt Ubuntu Linux +2
NVD GitHub
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of Userspace core dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Linux Linux Kernel +18
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow +5
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Openstack Cinder +1
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel +9
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in the Linux kernel 4.4 through 5.7.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +3
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

An issue was discovered in LinuxTV xawtv before 3.107. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xawtv Debian Linux +4
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Phpmailer Fedora +2
NVD GitHub
EPSS 15% CVSS 7.5
HIGH This Week

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Unifi Controller Hostapd +215
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in dbus >= 1.3.0 before 1.12.18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Dbus Ubuntu Linux
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pam Tacplus Debian Linux +2
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Ubuntu Linux +1
NVD
EPSS 2% CVSS 5.6
MEDIUM PATCH This Month

rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu +2
NVD GitHub
EPSS 18% CVSS 7.4
HIGH This Week

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gnutls Fedora +2
NVD
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Python Django +6
NVD
EPSS 6% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Python Information Disclosure Django +6
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Websocket Extensions Debian Linux +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qemu Ubuntu Linux +1
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer. Rated low severity (CVSS 2.5).

Null Pointer Dereference Denial Of Service Qemu +3
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Sane Backends +4
NVD GitHub
EPSS 0% CVSS 3.2
LOW PATCH Monitor

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu +3
NVD
EPSS 0% CVSS 3.9
LOW PATCH Monitor

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an. Rated low severity (CVSS 3.9). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Qemu +3
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Balsa Glib Networking +4
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Sympa before 6.2.56 allows privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sympa Fedora +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite +11
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Sqlite Fedora +16
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +19
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Qemu +2
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Mozilla Memory Corruption +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Path Traversal Firefox +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla +5
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Netqmail +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netqmail Debian Linux +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Sqlite +14
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Information Disclosure Thunderbird +1
NVD
EPSS 2% CVSS 8.3
HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Freerdp +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in FreeRDP before 2.1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 7.1
HIGH PATCH This Week

An issue was discovered in FreeRDP before 2.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Linux Null Pointer Dereference Denial Of Service +11
NVD
EPSS 2% CVSS 8.2
HIGH PATCH This Week

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Libexif Debian Linux +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in libexif before 0.6.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libexif Ubuntu Linux +1
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in libexif before 0.6.22. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libexif +3
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +7
NVD
EPSS 57% CVSS 7.0
HIGH POC PATCH THREAT This Week

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server;. Rated high severity (CVSS 7.0). This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Apache RCE Deserialization +26
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Data Plane Development Kit +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit +5
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit +5
NVD
EPSS 93% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Bind Debian Linux +3
NVD GitHub Exploit-DB
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Debian Linux +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Unbound Debian Linux +3
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +24
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. Rated medium severity (CVSS 5.3). No vendor patch available.

Linux Information Disclosure Linux Kernel +24
NVD
EPSS 2% CVSS 2.2
LOW POC PATCH Monitor

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 2.2
LOW POC PATCH Monitor

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 6.6
MEDIUM POC PATCH This Month

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Memory Corruption Freerdp +2
NVD GitHub
EPSS 2% CVSS 6.6
MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp +3
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 2% CVSS 6.6
MEDIUM POC PATCH This Month

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Information Disclosure Freerdp +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apt Debian Linux +2
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Authentication Bypass Pulseaudio +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure +5
NVD
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. Rated medium severity (CVSS 6.3). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Java Information Disclosure +50
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clam Antivirus +3
NVD
EPSS 5% CVSS 7.5
HIGH This Week

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clam Antivirus +3
NVD
EPSS 2% CVSS 2.2
LOW PATCH Monitor

In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Freerdp Ubuntu Linux +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +4
NVD GitHub
Prev Page 4 of 38 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy