Skip to main content

Virtualization Host

61 CVEs product

Monthly

CVE-2022-0207 MEDIUM PATCH This Month

A race condition was found in vdsm. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Vdsm Virtualization Virtualization For Ibm Power Little Endian +1
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-0435 HIGH POC PATCH THREAT This Week

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Codeready Linux Builder +28
NVD
CVSS 3.1
8.8
EPSS
68.0%
CVE-2022-0330 HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Codeready Linux Builder Codeready Linux Builder Eus +35
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1011 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Authentication Bypass Linux Use After Free +30
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2022-0516 HIGH PATCH This Week

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +20
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-3621 HIGH PATCH This Week

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Sssd Virtualization Virtualization Host Enterprise Linux +4
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-3501 HIGH PATCH This Week

A flaw was found in the Linux kernel in versions before 5.12. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux +17
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-10711 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Linux Null Pointer Dereference Denial Of Service Linux Kernel 3Scale +9
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2019-14821 HIGH PATCH This Week

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Linux Memory Corruption Linux Kernel +27
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2019-14835 HIGH POC PATCH This Week

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel Ubuntu Linux Debian Linux +31
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2019-1125 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Amd Intel Windows 10 +14
NVD Exploit-DB
CVSS 3.1
5.6
EPSS
4.5%
CVE-2019-10161 HIGH PATCH This Week

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Denial Of Service Libvirt Enterprise Linux Virtualization +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-11479 HIGH PATCH This Week

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Big Ip Advanced Firewall Manager Big Ip Access Policy Manager +18
NVD GitHub
CVSS 3.1
7.5
EPSS
91.7%
CVE-2019-3888 Maven CRITICAL PATCH Act Now

A vulnerability was found in Undertow web server before 2.0.21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Undertow Virtualization Virtualization Host +3
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2019-3460 MEDIUM POC PATCH This Month

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux +13
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2019-1559 MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle Ubuntu Linux Debian Linux +79
NVD
CVSS 3.1
5.9
EPSS
17.1%
CVE-2018-18397 MEDIUM POC PATCH This Month

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Openshift Container Platform Virtualization Host +7
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-14660 MEDIUM This Month

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Glusterfs Virtualization Host Enterprise Linux Server Virtualization +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-14661 MEDIUM This Month

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Glusterfs Debian Linux Virtualization +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2018-14659 MEDIUM This Month

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gluster File System Debian Linux Enterprise Linux Server Virtualization +1
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-14654 MEDIUM This Month

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gluster Storage Enterprise Linux Server Enterprise Linux Virtualization Virtualization +2
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2018-18559 HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux Linux Kernel Openshift Container Platform +7
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2018-1000805 PyPI HIGH PATCH This Week

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Paramiko Ansible Tower Virtualization Host Enterprise Linux Desktop +7
NVD GitHub
CVSS 3.1
8.8
EPSS
4.4%
CVE-2018-1114 Maven MEDIUM PATCH This Month

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Undertow Virtualization Virtualization Host
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-10930 MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux Enterprise Linux Server Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-10929 HIGH PATCH This Week

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-10928 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Enterprise Linux Server Glusterfs +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2018-10927 HIGH PATCH This Week

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Enterprise Linux Server Glusterfs Virtualization Host +1
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2018-10926 HIGH This Week

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Virtualization Host Debian Linux Enterprise Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-10923 HIGH This Week

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glusterfs Virtualization Host Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2018-10914 MEDIUM This Month

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs Virtualization Host Enterprise Linux Server +2
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2018-10913 MEDIUM PATCH This Month

An information disclosure vulnerability was discovered in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Virtualization Host Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-10911 HIGH PATCH This Week

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Glusterfs Virtualization Host Enterprise Linux Desktop +4
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2018-10907 HIGH PATCH This Week

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Stack Overflow Glusterfs Virtualization Host +3
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2018-10904 HIGH PATCH This Week

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Glusterfs Virtualization Host Enterprise Linux Server Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2018-10858 HIGH This Week

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debian Linux Ubuntu Linux Samba +5
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2018-10873 HIGH PATCH This Week

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Spice Debian Linux Ubuntu Linux Virtualization +7
NVD
CVSS 3.0
8.8
EPSS
3.9%
CVE-2018-10875 PyPI HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage Gluster Storage Openshift +6
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-10874 PyPI HIGH PATCH This Week

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Openstack Virtualization Virtualization Host
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1120 MEDIUM POC PATCH This Month

A flaw was found affecting the Linux kernel before version 4.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Heap Overflow Linux Denial Of Service Buffer Overflow Linux Kernel +6
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
7.3%
CVE-2018-1073 MEDIUM This Month

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine Virtualization Virtualization Host
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2018-5848 HIGH PATCH This Week

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android +5
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5803 MEDIUM This Month

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Debian Linux Virtualization Host +3
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1067 Maven MEDIUM PATCH This Month

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Undertow Jboss Enterprise Application Platform Virtualization Host
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2018-11237 HIGH POC PATCH This Week

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Glibc Virtualization Host Enterprise Linux Desktop +7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-11236 CRITICAL PATCH Act Now

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Glibc Virtualization Host +7
NVD
CVSS 3.0
9.8
EPSS
7.4%
CVE-2018-1118 MEDIUM This Month

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Debian Linux Ubuntu Linux +4
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10675 HIGH PATCH This Week

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +8
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-10237 Maven MEDIUM PATCH This Month

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Java Denial Of Service Guava Openshift Container Platform +15
NVD
CVSS 3.1
5.9
EPSS
5.1%
CVE-2018-10322 MEDIUM POC PATCH This Month

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Virtualization Host +3
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1088 HIGH PATCH This Week

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Gluster Storage Virtualization Virtualization Host Enterprise Linux Server +2
NVD
CVSS 3.1
8.1
EPSS
5.4%
CVE-2018-8088 Maven CRITICAL PATCH Act Now

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Slf4J Jboss Enterprise Application Platform Virtualization Virtualization Host +9
NVD GitHub
CVSS 3.1
9.8
EPSS
15.1%
CVE-2018-1068 MEDIUM PATCH This Month

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2018-7740 MEDIUM POC This Month

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Denial Of Service Buffer Overflow Linux Kernel Virtualization Host +5
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-6927 HIGH PATCH This Week

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel Ubuntu Linux +8
NVD GitHub
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-6485 CRITICAL PATCH Act Now

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Glibc Virtualization Host Enterprise Linux Desktop +12
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-1000001 HIGH POC THREAT Act Now

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Glibc Ubuntu Linux +7
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
13.4%
CVE-2018-5750 MEDIUM PATCH This Month

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-5968 Maven HIGH PATCH This Week

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Jackson Databind Debian Linux Openshift Container Platform +6
NVD GitHub
CVSS 3.1
8.1
EPSS
7.0%
CVE-2017-1000407 HIGH PATCH This Week

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Virtualization Host Enterprise Linux Desktop Enterprise Linux Server +7
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2017-1000410 HIGH PATCH This Week

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Virtualization Host +6
NVD
CVSS 3.0
7.5
EPSS
1.9%
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A race condition was found in vdsm. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Vdsm +3
NVD
EPSS 68% CVSS 8.8
HIGH POC PATCH THREAT This Week

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow +30
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +37
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Authentication Bypass +32
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +22
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Sssd Virtualization +6
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the Linux kernel in versions before 5.12. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +19
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Linux Null Pointer Dereference Denial Of Service +11
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Buffer Overflow Linux +29
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Linux Kernel +33
NVD
EPSS 5% CVSS 5.6
MEDIUM POC PATCH This Month

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. Rated medium severity (CVSS 5.6).

Microsoft Information Disclosure Amd +16
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Denial Of Service Libvirt +4
NVD
EPSS 92% CVSS 7.5
HIGH PATCH This Week

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +20
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was found in Undertow web server before 2.0.21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Undertow +5
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +15
NVD
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle +81
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel +9
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM This Month

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Glusterfs Virtualization Host +3
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Glusterfs +4
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gluster File System Debian Linux +3
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gluster Storage Enterprise Linux Server +4
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Linux +9
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Paramiko Ansible Tower +9
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Undertow Virtualization +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux +5
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in RPC request using gfs2_create_req in glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux Server +3
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Debian Linux Enterprise Linux +5
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Debian Linux Enterprise Linux Server +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Virtualization Host +5
NVD
EPSS 2% CVSS 8.1
HIGH This Week

It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glusterfs Virtualization Host +3
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability was discovered in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Virtualization Host +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Glusterfs +6
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Stack Overflow +5
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Glusterfs Virtualization Host +3
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debian Linux +7
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Spice Debian Linux +9
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in ansible. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Ceph Storage +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Ansible Engine Openstack +2
NVD
EPSS 7% CVSS 5.3
MEDIUM POC PATCH This Month

A flaw was found affecting the Linux kernel before version 4.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Heap Overflow Linux Denial Of Service +8
NVD Exploit-DB
EPSS 2% CVSS 5.3
MEDIUM This Month

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine Virtualization +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux +7
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +5
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Undertow Jboss Enterprise Application Platform +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Glibc +9
NVD Exploit-DB
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +10
NVD GitHub
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Java Denial Of Service +17
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux +5
NVD
EPSS 5% CVSS 8.1
HIGH PATCH This Week

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Gluster Storage Virtualization +4
NVD
EPSS 15% CVSS 9.8
CRITICAL PATCH Act Now

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Slf4J Jboss Enterprise Application Platform +11
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel +9
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Denial Of Service Buffer Overflow +7
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux +10
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Glibc +14
NVD
EPSS 13% CVSS 7.8
HIGH POC THREAT Act Now

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +9
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +9
NVD
EPSS 7% CVSS 8.1
HIGH PATCH This Week

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Jackson Databind +8
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Virtualization Host +9
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy