Skip to main content

Ubuntu Linux

3390 CVEs product

Monthly

CVE-2020-11608 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.6.1. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-11565 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.6.2. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-11501 HIGH PATCH This Week

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Ubuntu Linux Debian Linux Leap +1
NVD
CVSS 3.1
7.4
EPSS
3.4%
CVE-2020-11494 MEDIUM PATCH This Month

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Leap Debian Linux +1
NVD GitHub
CVSS 3.1
4.4
EPSS
0.7%
CVE-2020-8835 HIGH POC PATCH This Week

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Fedora +25
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2020-11100 HIGH This Week

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Haproxy Debian Linux +4
NVD
CVSS 3.1
8.8
EPSS
60.7%
CVE-2020-1927 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Http Server Fedora Debian Linux +11
NVD
CVSS 3.1
6.1
EPSS
56.7%
CVE-2020-1934 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Apache Information Disclosure Http Server Fedora Debian Linux +8
NVD
CVSS 3.1
5.3
EPSS
52.0%
CVE-2020-7065 HIGH POC PATCH This Week

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Stack Overflow PHP Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2020-7064 MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure Debian Linux Ubuntu Linux +2
NVD
CVSS 3.1
5.4
EPSS
4.3%
CVE-2020-6814 CRITICAL Act Now

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-6812 MEDIUM This Month

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-6811 HIGH POC This Week

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Command Injection Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2020-6807 HIGH This Week

When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-6806 HIGH This Week

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-6805 HIGH This Week

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10942 MEDIUM POC PATCH This Month

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. Rated medium severity (CVSS 5.3). Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Leap +2
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-1951 Maven MEDIUM PATCH This Month

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Tika Business Process Management Suite Communications Messaging Server +3
NVD
CVSS 3.1
5.5
EPSS
2.8%
CVE-2020-1950 Maven MEDIUM PATCH This Month

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Tika Business Process Management Suite Communications Messaging Server +3
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2020-0556 HIGH PATCH This Week

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Privilege Escalation Bluez Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-10531 HIGH PATCH This Week

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow International Components For Unicode Enterprise Linux Desktop Enterprise Linux Server +8
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-10109 PyPI CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Twisted Fedora Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-10108 PyPI CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Twisted Fedora Debian Linux +3
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2020-10174 HIGH PATCH This Week

init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. Rated high severity (CVSS 7.0).

Information Disclosure Timeshift Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-9402 PyPI HIGH POC PATCH THREAT This Week

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Python SQLi Oracle Django Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
22.5%
CVE-2020-10029 MEDIUM POC This Month

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Canonical Glibc Fedora +9
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2020-10018 CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Use After Free +6
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-6801 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 72. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-6800 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6794 MEDIUM POC This Month

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-6792 MEDIUM This Month

When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Ubuntu Linux
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-7062 HIGH POC This Week

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Null Pointer Dereference Denial Of Service PHP Leap +2
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-9274 HIGH POC PATCH This Week

An issue was discovered in Pure-FTPd 1.0.49. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Pure Ftpd Debian Linux Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2020-8794 CRITICAL POC PATCH THREAT Act Now

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Information Disclosure Opensmtpd Ubuntu Linux +2
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
88.9%
CVE-2020-8793 MEDIUM POC This Month

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Opensmtpd Fedora Ubuntu Linux
NVD Exploit-DB
CVSS 3.1
4.7
EPSS
0.9%
CVE-2020-9383 HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.16 through 5.5.6. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +10
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-1935 Maven MEDIUM PATCH This Month

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Request Smuggling Tomcat Information Disclosure Debian Linux +18
NVD
CVSS 3.1
4.8
EPSS
9.4%
CVE-2020-8130 Ruby MEDIUM POC PATCH This Month

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Command Injection Rake Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
6.4
EPSS
1.4%
CVE-2020-9327 HIGH PATCH This Week

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite Cloud Backup Ubuntu Linux +8
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2020-9308 HIGH PATCH This Week

archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libarchive Ubuntu Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-6062 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Coturn Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2020-6061 CRITICAL POC Act Now

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Coturn Fedora Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2020-8992 MEDIUM PATCH This Month

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Linux Denial Of Service Linux Kernel Ubuntu Linux Leap +7
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-5529 Maven HIGH PATCH This Week

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE Htmlunit Debian Linux +2
NVD GitHub
CVSS 3.1
8.1
EPSS
4.7%
CVE-2020-1700 MEDIUM This Month

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ceph Openshift Container Storage Leap Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2020-8648 HIGH POC This Week

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +8
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-3123 HIGH This Week

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Clamav Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2020-8517 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Leap Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
6.8%
CVE-2020-8450 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Squid Ubuntu Linux Leap Fedora +1
NVD
CVSS 3.1
7.3
EPSS
71.8%
CVE-2020-8449 HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Squid Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
8.3%
CVE-2020-8597 CRITICAL PATCH Act Now

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Point To Point Protocol Pfc Firmware Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
19.6%
CVE-2020-8492 MEDIUM POC PATCH This Month

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Leap Ubuntu Linux Fedora +1
NVD GitHub
CVSS 3.1
6.5
EPSS
6.6%
CVE-2020-7247 CRITICAL POC KEV PATCH THREAT Act Now

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Opensmtpd Debian Linux Fedora Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
98.9%
CVE-2020-0549 MEDIUM This Month

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Linux Fedora Leap Debian Linux Core I5 9400F Firmware +425
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-7595 Ruby HIGH PATCH This Week

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libxml2 Fedora Ubuntu Linux Debian Linux +20
NVD
CVSS 3.1
7.5
EPSS
7.6%
CVE-2020-7040 HIGH PATCH This Week

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Storebackup Debian Linux Backports Sle Leap +1
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2020-2694 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
3.1
EPSS
1.5%
CVE-2020-2686 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-2679 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2020-2660 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2020-2659 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +21
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2020-2654 LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +21
NVD
CVSS 3.1
3.7
EPSS
3.8%
CVE-2020-2627 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-2604 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Oracle Java Deserialization Commerce Experience Manager Commerce Guided Search +25
NVD
CVSS 3.1
8.1
EPSS
4.9%
CVE-2020-2601 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +21
NVD
CVSS 3.1
6.8
EPSS
4.2%
CVE-2020-2593 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +22
NVD
CVSS 3.1
4.8
EPSS
3.0%
CVE-2020-2590 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +22
NVD
CVSS 3.1
3.7
EPSS
3.1%
CVE-2020-2589 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2020-2588 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2020-2584 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
4.4
EPSS
1.8%
CVE-2020-2583 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +22
NVD
CVSS 3.1
3.7
EPSS
4.0%
CVE-2020-2579 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-2577 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2020-2574 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle MySQL MariaDB Active Iq Unified Manager +5
NVD
CVSS 3.1
5.9
EPSS
3.5%
CVE-2020-2573 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
5.9
EPSS
3.0%
CVE-2020-2572 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL Ubuntu Linux Active Iq Unified Manager +3
NVD
CVSS 3.1
2.7
EPSS
1.3%
CVE-2020-2570 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle MySQL Ubuntu Linux
NVD
CVSS 3.1
5.9
EPSS
2.9%
CVE-2020-5390 PyPI HIGH PATCH This Week

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jwt Attack Pysaml2 Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-5313 PyPI HIGH PATCH This Week

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Pillow Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.1
EPSS
2.8%
CVE-2020-5312 PyPI CRITICAL PATCH Act Now

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pillow Ubuntu Linux Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-5311 PyPI CRITICAL PATCH Act Now

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pillow Ubuntu Linux Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-5310 PyPI HIGH PATCH This Week

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pillow Ubuntu Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-20096 MEDIUM PATCH This Month

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2019-20079 HIGH PATCH This Week

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Vim Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-19965 MEDIUM POC This Month

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +14
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2019-19956 HIGH PATCH This Week

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libxml2 Debian Linux Real User Experience Insight Fedora +8
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2019-19949 CRITICAL POC Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2019-19948 CRITICAL PATCH Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-19947 MEDIUM PATCH This Month

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Debian Linux Ubuntu Linux +10
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-5108 MEDIUM POC PATCH THREAT This Month

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Debian Linux Ubuntu Linux +13
NVD
CVSS 3.1
6.5
EPSS
10.1%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.6.1. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.6.2. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +2
NVD GitHub
EPSS 3% CVSS 7.4
HIGH PATCH This Week

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Ubuntu Linux +3
NVD
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel +3
NVD GitHub
EPSS 6% CVSS 7.8
HIGH POC PATCH This Week

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure +27
NVD
EPSS 61% CVSS 8.8
HIGH This Week

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +6
NVD
EPSS 57% CVSS 6.1
MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Http Server +13
NVD
EPSS 52% CVSS 5.3
MEDIUM PATCH This Month

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Apache Information Disclosure Http Server +10
NVD
EPSS 5% CVSS 8.8
HIGH POC PATCH This Week

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Stack Overflow +4
NVD
EPSS 4% CVSS 5.4
MEDIUM POC PATCH This Month

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow PHP Information Disclosure +4
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla +5
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +3
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Command Injection Firefox +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Information Disclosure +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +5
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. Rated medium severity (CVSS 5.3). Public exploit code available.

Buffer Overflow Linux Memory Corruption +4
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Denial Of Service Tika +5
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Tika +5
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Privilege Escalation Bluez +3
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow International Components For Unicode +10
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Twisted +3
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Twisted +5
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. Rated high severity (CVSS 7.0).

Information Disclosure Timeshift Fedora +1
NVD GitHub
EPSS 23% CVSS 8.8
HIGH POC PATCH THREAT This Week

Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Python SQLi Oracle +5
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Canonical +11
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 72. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla +5
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird +1
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Null Pointer Dereference Denial Of Service +4
NVD
EPSS 6% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Pure-FTPd 1.0.49. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Pure Ftpd +4
NVD GitHub
EPSS 89% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Information Disclosure +4
NVD Exploit-DB
EPSS 1% CVSS 4.7
MEDIUM POC This Month

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Opensmtpd Fedora +1
NVD Exploit-DB
EPSS 1% CVSS 7.1
HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.16 through 5.5.6. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +12
NVD GitHub
EPSS 9% CVSS 4.8
MEDIUM PATCH This Month

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Request Smuggling Tomcat +20
NVD
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. Rated medium severity (CVSS 6.4). Public exploit code available and no vendor patch available.

Command Injection Rake Ubuntu Linux +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Sqlite +10
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libarchive +2
NVD GitHub
EPSS 6% CVSS 7.5
HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Coturn +3
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Coturn +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Linux Denial Of Service Linux Kernel +9
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Java RCE +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Ceph Openshift Container Storage +2
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Linux Memory Corruption +10
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Leap +1
NVD
EPSS 72% CVSS 7.3
HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Squid Ubuntu Linux +3
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Squid before 4.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Squid Debian Linux +3
NVD
EPSS 20% CVSS 9.8
CRITICAL PATCH Act Now

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Point To Point Protocol Pfc Firmware +2
NVD GitHub
EPSS 7% CVSS 6.5
MEDIUM POC PATCH This Month

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Python Leap +3
NVD GitHub
EPSS 99% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Opensmtpd Debian Linux +2
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM This Month

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ubuntu Linux Fedora Leap +427
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libxml2 Fedora +22
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Storebackup Debian Linux +3
NVD
EPSS 2% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +23
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +23
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Oracle Java Deserialization +27
NVD
EPSS 4% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +23
NVD
EPSS 3% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +24
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +24
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL +5
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +24
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle MySQL +7
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle MySQL +5
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL +5
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle MySQL +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Jwt Attack Pysaml2 +2
NVD GitHub
EPSS 3% CVSS 7.1
HIGH PATCH This Week

libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Pillow +3
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pillow Ubuntu Linux +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pillow Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pillow +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +2
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM POC This Month

In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux +16
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libxml2 Debian Linux +10
NVD
EPSS 3% CVSS 9.1
CRITICAL POC Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Imagemagick +3
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel +12
NVD GitHub
EPSS 10% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +15
NVD
Prev Page 6 of 38 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy