Skip to main content

Ubuntu Linux

3390 CVEs product

Monthly

CVE-2019-9278 HIGH PATCH This Week

In libexif, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Integer Overflow Privilege Escalation Buffer Overflow Android +4
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2019-9232 HIGH This Week

In libvpx, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android Ubuntu Linux +3
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2019-11740 HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE Memory Corruption Firefox +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-16869 Maven HIGH POC PATCH This Week

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Netty Debian Linux Ubuntu Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
8.4%
CVE-2019-10092 MEDIUM POC PATCH THREAT This Month

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Http Server Leap Debian Linux +7
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
81.5%
CVE-2019-16884 Go HIGH POC PATCH This Week

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Runc Fedora Leap +6
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2019-13627 MEDIUM This Month

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Leap Libgcrypt20
NVD GitHub
CVSS 3.1
6.3
EPSS
0.5%
CVE-2019-5094 HIGH POC This Week

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. Rated high severity (CVSS 7.5). Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption E2Fsprogs Debian Linux +4
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-12068 LOW PATCH Monitor

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Qemu Ubuntu Linux Leap
NVD
CVSS 3.1
3.8
EPSS
0.5%
CVE-2019-16746 CRITICAL PATCH Act Now

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Debian Linux Ubuntu Linux +2
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2019-16729 HIGH PATCH This Week

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Pam Python Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-16714 HIGH PATCH This Week

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Ubuntu Linux Traffix Signaling Delivery Controller
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2019-16713 MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16711 MEDIUM POC This Month

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16710 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16709 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Backports Leap Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2019-16708 MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux Leap Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2019-16680 MEDIUM POC PATCH This Month

An issue was discovered in GNOME file-roller before 3.29.91. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Roller Ubuntu Linux Debian Linux Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2019-14816 HIGH POC PATCH This Week

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +39
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-14814 HIGH POC PATCH This Week

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +34
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-14821 HIGH PATCH This Week

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Linux Memory Corruption Linux Kernel +27
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-11779 MEDIUM This Month

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Mosquitto Ubuntu Linux Backports Sle Leap +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2019-16394 MEDIUM POC PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Spip Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
7.5%
CVE-2019-16393 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

PHP Open Redirect Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-16392 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-16391 MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Spip Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-14835 HIGH POC PATCH This Week

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel Ubuntu Linux Debian Linux +31
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-16378 CRITICAL PATCH Act Now

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opendmarc Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2019-16239 CRITICAL Act Now

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Openconnect Fedora Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-15031 MEDIUM POC PATCH This Month

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.6%
CVE-2019-15030 MEDIUM POC PATCH This Month

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Ubuntu Linux Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2019-16275 MEDIUM PATCH This Month

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Hostapd Wpa Supplicant Debian Linux Ubuntu Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-16237 HIGH PATCH This Week

Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dino Ubuntu Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-16236 HIGH POC PATCH This Week

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Dino Ubuntu Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2019-16235 HIGH POC PATCH This Week

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dino Ubuntu Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-16234 MEDIUM PATCH This Month

drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.7).

Null Pointer Dereference Denial Of Service Linux Intel Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2019-16233 MEDIUM PATCH This Month

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux +2
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2019-16232 MEDIUM POC This Month

drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1). Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux +2
NVD
CVSS 3.1
4.1
EPSS
0.6%
CVE-2019-16231 MEDIUM PATCH This Month

drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux +2
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2019-16229 MEDIUM PATCH This Month

drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).

Null Pointer Dereference Denial Of Service Linux Amd Linux Kernel +2
NVD
CVSS 3.1
4.1
EPSS
0.4%
CVE-2019-16168 MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager E Series Santricity Os Controller Oncommand Insight +16
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-16167 MEDIUM POC This Month

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sysstat Fedora Leap +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-16163 HIGH POC PATCH This Week

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Oniguruma Fedora Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2019-16095 HIGH PATCH This Week

Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16094 HIGH PATCH This Week

Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-16093 CRITICAL PATCH Act Now

Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16092 CRITICAL PATCH Act Now

Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-16091 HIGH PATCH This Week

Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Libmysofa Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-9453 MEDIUM PATCH This Month

In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Buffer Overflow Information Disclosure Android Ubuntu Linux
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2019-9445 MEDIUM This Month

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android Debian Linux +1
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2019-9854 HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-16056 HIGH PATCH This Week

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora Debian Linux Ubuntu Linux +6
NVD GitHub
CVSS 3.1
7.5
EPSS
5.4%
CVE-2019-15926 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 5.2.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +1
NVD
CVSS 3.1
9.1
EPSS
5.2%
CVE-2019-15925 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.2.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-15918 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-10197 CRITICAL Act Now

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.0
9.1
EPSS
3.2%
CVE-2019-15717 CRITICAL Act Now

Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Irssi Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2019-11476 HIGH POC This Week

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2019-15538 HIGH PATCH This Week

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Ubuntu Linux Data Availability Services +15
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2019-15505 CRITICAL PATCH Act Now

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +1
NVD
CVSS 3.1
9.8
EPSS
7.6%
CVE-2019-15504 CRITICAL Act Now

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2019-15292 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.9. Rated medium severity (CVSS 4.7). Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
2.6%
CVE-2019-2126 HIGH This Week

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Android Fedora Ubuntu Linux +1
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2019-15223 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +5
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2019-15221 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.17. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15220 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.1. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15219 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15218 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15217 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15216 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.14. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel H410c Firmware +7
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15215 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15214 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 6.4). Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2019-15212 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel H410c Firmware Active Iq Unified Manager +6
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15211 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure Memory Corruption Linux Kernel +8
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2019-15145 MEDIUM POC PATCH This Month

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2019-15144 MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Djvulibre Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-15143 MEDIUM POC This Month

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Djvulibre Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-15142 MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-15133 MEDIUM This Month

In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Giflib Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2019-5477 Ruby CRITICAL PATCH Act Now

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nokogiri Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%
CVE-2019-15118 MEDIUM PATCH This Month

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +7
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2019-15099 HIGH This Week

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-15098 MEDIUM This Month

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Active Iq Performance Analytics Services +6
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2019-15090 MEDIUM PATCH This Month

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Ubuntu Linux +1
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2019-9852 HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-9851 CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux Debian Linux Fedora +2
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
78.3%
CVE-2019-9850 CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux Debian Linux Fedora +2
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-13377 MEDIUM PATCH This Month

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Fedora Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.9
EPSS
2.2%
CVE-2019-12854 HIGH PATCH This Week

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Fedora Ubuntu Linux +1
NVD
CVSS 3.1
7.5
EPSS
11.7%
CVE-2019-9506 HIGH This Week

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Android Iphone Os Mac Os X Tvos +143
NVD
CVSS 3.1
8.1
EPSS
2.7%
EPSS 4% CVSS 8.8
HIGH PATCH This Week

In libexif, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Integer Overflow Privilege Escalation +6
NVD GitHub
EPSS 5% CVSS 7.5
HIGH This Week

In libvpx, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla RCE +6
NVD
EPSS 8% CVSS 7.5
HIGH POC PATCH This Week

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Request Smuggling Information Disclosure Netty +3
NVD GitHub
EPSS 81% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Http Server +9
NVD GitHub Exploit-DB
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Runc +8
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM This Month

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Leap +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. Rated high severity (CVSS 7.5). Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +6
NVD
EPSS 1% CVSS 3.8
LOW PATCH Monitor

In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.1+dfsg-8~deb10u1, 1:3.1+dfsg-8+deb10u2, and 1:2.1+dfsg-12+deb8u12 (fixed), when executing script in lsi_execute_script(), the LSI scsi. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Qemu Ubuntu Linux +1
NVD
EPSS 13% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Pam Python +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Debian Linux +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Backports +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM POC PATCH This Month

An issue was discovered in GNOME file-roller before 3.29.91. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal File Roller Ubuntu Linux +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux +41
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux +36
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Linux +29
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Mosquitto Ubuntu Linux +4
NVD
EPSS 8% CVSS 5.3
MEDIUM POC PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Spip Debian Linux +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

PHP Open Redirect Spip +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Spip +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

SPIP before 3.1.11 and 3.2 before 3.2.5 allows authenticated visitors to modify any published content and execute other modifications in the database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Spip +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel +33
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Opendmarc Debian Linux +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Openconnect Fedora +3
NVD
EPSS 1% CVSS 4.4
MEDIUM POC PATCH This Month

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel +3
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Hostapd Wpa Supplicant +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Dino Ubuntu Linux +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Dino Ubuntu Linux +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dino Ubuntu Linux +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.7).

Null Pointer Dereference Denial Of Service Linux +4
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).

Null Pointer Dereference Denial Of Service Linux +4
NVD
EPSS 1% CVSS 4.1
MEDIUM POC This Month

drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1). Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Linux +4
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).

Null Pointer Dereference Denial Of Service Linux +4
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. Rated medium severity (CVSS 4.1).

Null Pointer Dereference Denial Of Service Linux +4
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager +18
NVD VulDB
EPSS 2% CVSS 5.5
MEDIUM POC This Month

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sysstat +4
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Oniguruma Fedora +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Symonics libmysofa 0.7 has an invalid read in getDimension in hrtf/reader.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libmysofa +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Libmysofa +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libmysofa +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Symonics libmysofa 0.7 has a NULL pointer dereference in getHrtf in hrtf/reader.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libmysofa +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Symonics libmysofa 0.7 has an out-of-bounds read in directblockRead in hdf/fractalhead.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Libmysofa +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure +3
NVD
EPSS 2% CVSS 7.8
HIGH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Python Libreoffice +5
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fedora +8
NVD GitHub
EPSS 5% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 5.2.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.2.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 5.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +2
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL Act Now

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samba Ubuntu Linux +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +2
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ubuntu Linux
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel +17
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Information Disclosure +3
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +1
NVD
EPSS 3% CVSS 4.7
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.9. Rated medium severity (CVSS 4.7). Public exploit code available.

Use After Free Linux Information Disclosure +4
NVD
EPSS 5% CVSS 8.8
HIGH This Week

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Android +3
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +7
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.17. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.1. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +10
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +10
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.14. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +9
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +10
NVD
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.0.10. Rated medium severity (CVSS 6.4). Public exploit code available.

Use After Free Linux Information Disclosure +4
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.1.8. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +8
NVD
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.2.6. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Linux Information Disclosure +10
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack (application crash via an out-of-bounds read) by crafting a corrupted JB2 image file that is mishandled in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre +4
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Djvulibre Debian Linux +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Djvulibre Debian Linux +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash in GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Djvulibre +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Giflib Ubuntu Linux +1
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nokogiri Ubuntu Linux +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +9
NVD
EPSS 4% CVSS 7.5
HIGH This Week

drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux +2
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Linux +8
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Path Traversal Python Ubuntu Linux +4
NVD
EPSS 78% CVSS 9.8
CRITICAL POC THREAT Emergency

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Ubuntu Linux +4
NVD GitHub Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL Act Now

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Python Ubuntu Linux +4
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Hostapd Fedora +2
NVD
EPSS 12% CVSS 7.5
HIGH PATCH This Week

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux +3
NVD
EPSS 3% CVSS 8.1
HIGH This Week

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Android Iphone Os +145
NVD
Prev Page 9 of 38 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy