Skip to main content

Ubuntu Linux

3390 CVEs product

Monthly

CVE-2019-19044 HIGH PATCH This Week

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Active Iq Unified Manager Aff Baseboard Management Controller +12
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2019-19043 MEDIUM PATCH This Month

A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Intel Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-18978 Ruby MEDIUM PATCH This Month

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Canonical Rack Cors Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2019-11135 MEDIUM PATCH This Month

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Leap Fedora Slackware Apollo 4200 Firmware +156
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2019-0155 HIGH This Week

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Intel Enterprise Linux Server Aus Enterprise Linux Server Eus +352
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-0154 MEDIUM This Month

Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Ubuntu Linux Pentium J4205 Firmware Pentium N4200 Firmware +144
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2019-2214 HIGH This Week

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Memory Corruption Android +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-2201 HIGH This Week

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Memory Corruption Android +1
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2019-18849 MEDIUM POC PATCH This Month

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tnef Fedora Ubuntu Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2019-18813 HIGH PATCH This Week

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2019-18810 HIGH PATCH This Week

A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-18809 MEDIUM PATCH This Month

A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +2
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2019-18808 MEDIUM PATCH This Month

A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Leap +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-18804 HIGH POC This Week

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Djvulibre Debian Linux Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2019-18786 MEDIUM PATCH This Month

In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-5068 MEDIUM POC PATCH This Month

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Mesa Leap Debian Linux Ubuntu Linux
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-18683 HIGH POC PATCH This Week

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Privilege Escalation Linux Kernel Ubuntu Linux +16
NVD
CVSS 3.1
7.0
EPSS
1.0%
CVE-2019-13508 CRITICAL Act Now

FreeTDS through 1.1.11 has a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Freetds Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2019-15681 HIGH PATCH This Week

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Ubuntu Linux Debian Linux Simatic Itc1500 Firmware +5
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2019-11043 CRITICAL POC KEV THREAT Emergency

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow RCE Ubuntu Linux Debian Linux +20
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.5%
CVE-2019-18408 HIGH PATCH This Week

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Libarchive Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-15587 Ruby MEDIUM PATCH This Month

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Fedora Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2019-18218 HIGH POC PATCH This Week

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption File Debian Linux Leap +3
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2019-18198 HIGH POC PATCH This Week

In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-18197 Ruby HIGH PATCH This Week

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Libxslt Ubuntu Linux +1
NVD VulDB
CVSS 3.1
7.5
EPSS
4.5%
CVE-2019-14287 HIGH POC PATCH THREAT This Week

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Sudo Fedora Debian Linux Leap +11
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
63.9%
CVE-2019-17666 HIGH PATCH This Week

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Debian Linux Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2019-3018 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.4
EPSS
2.1%
CVE-2019-3011 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-3009 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.4
EPSS
2.5%
CVE-2019-3004 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-3003 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2019-2999 MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +17
NVD
CVSS 3.1
4.7
EPSS
2.7%
CVE-2019-2998 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2019-2997 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2019-2993 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2019-2992 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.5%
CVE-2019-2991 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2019-2988 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.3%
CVE-2019-2983 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2019-2982 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2019-2981 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2019-2978 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +18
NVD
CVSS 3.1
3.7
EPSS
3.3%
CVE-2019-2975 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +16
NVD
CVSS 3.1
4.8
EPSS
3.3%
CVE-2019-2974 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL MariaDB Ubuntu Linux +2
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2019-2973 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +18
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2019-2969 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2019-2968 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2019-2967 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-2966 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-2964 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.5%
CVE-2019-2963 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2019-2962 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.5%
CVE-2019-2960 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2019-2957 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2019-2950 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
3.1%
CVE-2019-2949 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +13
NVD
CVSS 3.1
6.8
EPSS
3.6%
CVE-2019-2948 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2019-2946 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-2945 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.1
EPSS
3.4%
CVE-2019-2938 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL MariaDB Fedora +6
NVD
CVSS 3.1
4.4
EPSS
3.0%
CVE-2019-2924 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2019-2923 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2019-2922 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2019-2920 MEDIUM PATCH This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2019-2914 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-2911 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
2.7
EPSS
2.1%
CVE-2019-2910 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
3.7
EPSS
1.7%
CVE-2019-2894 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +4
NVD
CVSS 3.1
3.7
EPSS
3.2%
CVE-2019-17544 CRITICAL PATCH Act Now

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Aspell Ubuntu Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
3.3%
CVE-2019-17542 CRITICAL PATCH Act Now

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Ffmpeg Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2019-17539 CRITICAL PATCH Act Now

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ffmpeg Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2019-2215 HIGH POC KEV PATCH THREAT Act Now

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Android +76
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
72.1%
CVE-2019-17455 CRITICAL POC Act Now

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libntlm Debian Linux Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-17451 MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils Leap Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2019-17450 MEDIUM POC This Month

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Leap Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-17402 MEDIUM This Month

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-17134 PyPI CRITICAL PATCH Act Now

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Octavia Ubuntu Linux
NVD
CVSS 3.1
9.1
EPSS
2.3%
CVE-2019-17266 CRITICAL POC Act Now

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsoup Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-17133 CRITICAL PATCH Act Now

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2019-16866 HIGH PATCH This Week

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-15165 MEDIUM PATCH This Month

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libpcap Debian Linux Leap Communications Operations Monitor +7
NVD GitHub
CVSS 3.1
5.3
EPSS
2.8%
CVE-2019-15166 HIGH PATCH This Week

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Tcpdump Mac Os X Debian Linux Fedora +6
NVD GitHub
CVSS 3.1
7.5
EPSS
5.0%
CVE-2019-17055 LOW PATCH Monitor

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Linux Linux Kernel Debian Linux Fedora +5
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2019-17052 LOW PATCH Monitor

ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Linux Linux Kernel Debian Linux Fedora +1
NVD
CVSS 3.1
3.3
EPSS
0.6%
CVE-2019-16935 MEDIUM POC This Month

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
4.7%
CVE-2019-16928 CRITICAL POC KEV PATCH THREAT Act Now

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Exim Ubuntu Linux +2
NVD
CVSS 3.1
9.8
EPSS
41.6%
CVE-2019-9433 MEDIUM This Month

In libvpx, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android Leap Fedora +2
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2019-9371 MEDIUM This Month

In libvpx, there is a possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android Leap Fedora +2
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2019-9325 MEDIUM This Month

In libvpx, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android Ubuntu Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.6%
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Two memory leaks in the v3d_submit_cl_ioctl() function in drivers/gpu/drm/v3d/v3d_gem.c in the Linux kernel before 5.3.11 allow attackers to cause a denial of service (memory consumption) by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +14
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak in the i40e_setup_macvlans() function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Intel +3
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in the rack-cors (aka Rack CORS Middleware) gem before 1.0.4 for Ruby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Canonical Rack Cors +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Leap Fedora +158
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Intel +354
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Ubuntu Linux +146
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +3
NVD
EPSS 2% CVSS 7.8
HIGH This Week

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorized_keys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tnef +3
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A memory leak in the komeda_wb_connector_add() function in drivers/gpu/drm/arm/display/komeda/komeda_wb_connector.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +3
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

DjVuLibre 3.5.27 has a NULL pointer dereference in the function DJVU::filter_fv at IW44EncodeCodec.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Djvulibre +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel +1
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Mesa Leap +2
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Privilege Escalation +18
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

FreeTDS through 1.1.11 has a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Freetds Ubuntu Linux
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libvncserver Ubuntu Linux +7
NVD GitHub
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Buffer Overflow RCE +22
NVD GitHub Exploit-DB
EPSS 4% CVSS 7.5
HIGH PATCH This Week

archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Fedora +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption File +5
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +1
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +3
NVD VulDB
EPSS 64% CVSS 8.8
HIGH POC PATCH THREAT This Week

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Sudo Fedora +13
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH PATCH This Week

rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 4.7
MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +19
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +19
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +19
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +19
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +19
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +20
NVD
EPSS 3% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +18
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +4
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +20
NVD
EPSS 1% CVSS 6.2
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Oracle MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +19
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +19
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 4% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +15
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 3% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle +19
NVD
EPSS 3% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +8
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle MySQL +5
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle MySQL +5
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle MySQL +5
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle MySQL +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +6
NVD
EPSS 2% CVSS 2.7
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle MySQL +6
NVD
EPSS 2% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle MySQL +5
NVD
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +6
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Aspell +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Ffmpeg +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ffmpeg +2
NVD GitHub
EPSS 72% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +78
NVD Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Libntlm through 1.5 relies on a fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse read and write operations, as demonstrated by a stack-based buffer over-read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libntlm +5
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils +2
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Leap +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Exiv2 Debian Linux +1
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Octavia Ubuntu Linux
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

libsoup from versions 2.65.1 until 2.68.1 have a heap-based buffer over-read because soup_ntlm_parse_challenge() in soup-auth-ntlm.c does not properly check an NTLM message's length before proceeding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libsoup +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Unbound Ubuntu Linux
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Libpcap Debian Linux +9
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Tcpdump Mac Os X +8
NVD GitHub
EPSS 1% CVSS 3.3
LOW PATCH Monitor

base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Linux Linux Kernel +7
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Linux Linux Kernel +3
NVD
EPSS 5% CVSS 6.1
MEDIUM POC This Month

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Debian Linux +1
NVD GitHub
EPSS 42% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption +4
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

In libvpx, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android +4
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

In libvpx, there is a possible resource exhaustion due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android +4
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

In libvpx, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +5
NVD
Prev Page 8 of 38 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy