Skip to main content

Cloud Backup

275 CVEs product

Monthly

CVE-2023-28656 HIGH This Week

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Authentication Bypass Cloud Backup Ontap Select Deploy Nginx Api Connectivity Manager +2
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2021-44790 CRITICAL POC PATCH THREAT Act Now

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Memory Corruption Http Server Fedora +11
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.1%
CVE-2021-4044 Cargo HIGH PATCH This Week

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Cloud Backup E Series Performance Analyzer Ontap Select Deploy Administration Utility +12
NVD
CVSS 3.1
7.5
EPSS
50.1%
CVE-2021-43527 CRITICAL PATCH Act Now

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla Nss Nss Esr +8
NVD
CVSS 3.1
9.8
EPSS
17.6%
CVE-2021-43976 MEDIUM PATCH This Month

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel Fedora Debian Linux +12
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2021-43975 MEDIUM POC This Month

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +9
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-42377 CRITICAL Act Now

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-42376 MEDIUM This Month

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42375 MEDIUM This Month

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Busybox Fedora Cloud Backup Hci Management Node +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42374 MEDIUM POC This Month

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Busybox Fedora +10
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-42373 MEDIUM This Month

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-25219 MEDIUM PATCH This Month

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux Fedora H300s Firmware +11
NVD
CVSS 3.1
5.3
EPSS
8.0%
CVE-2021-42013 CRITICAL POC KEV PATCH THREAT Act Now

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE Http Server Fedora +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-41773 CRITICAL POC KEV PATCH THREAT Act Now

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE Http Server Fedora +2
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-41524 HIGH PATCH This Week

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Http Server Fedora Instantis Enterprisetrack +1
NVD
CVSS 3.1
7.5
EPSS
25.0%
CVE-2021-41864 HIGH PATCH This Week

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow Linux Kernel Fedora +13
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22947 MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora Debian Linux Cloud Backup +22
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-22946 HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Cloud Backup +25
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-22945 CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Cloud Backup Clustered Data Ontap +13
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2021-38300 HIGH POC PATCH This Week

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux RCE Linux Kernel Cloud Backup H410c Firmware +8
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-41073 HIGH PATCH This Week

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2021-39275 CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Http Server Fedora +8
NVD
CVSS 3.1
9.8
EPSS
36.3%
CVE-2021-36160 HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Http Server Fedora +10
NVD
CVSS 3.1
7.5
EPSS
62.9%
CVE-2021-34798 HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service Http Server Fedora +15
NVD
CVSS 3.1
7.5
EPSS
64.5%
CVE-2021-3634 MEDIUM PATCH This Month

A flaw has been found in libssh in versions prior to 0.9.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Libssh Virtualization +5
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2021-22924 LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Cloud Backup +29
NVD
CVSS 3.1
3.7
EPSS
6.3%
CVE-2021-22923 MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-22922 MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-32785 HIGH PATCH This Week

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis Apache Denial Of Service RCE Mod Auth Openidc +2
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-3541 MEDIUM PATCH This Month

A flaw was found in libxml2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libxml2 Jboss Core Services Zfs Storage Appliance Kit Active Iq Unified Manager +15
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-3612 HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Enterprise Linux Fedora +14
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-22555 HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware C250 Firmware H410c Firmware +18
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
78.7%
CVE-2021-28691 HIGH This Week

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +9
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22901 HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption RCE Curl +25
NVD GitHub
CVSS 3.1
8.1
EPSS
60.1%
CVE-2021-22897 MEDIUM POC PATCH This Month

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function +18
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-26691 CRITICAL PATCH Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apache Http Server Debian Linux +6
NVD
CVSS 3.1
9.8
EPSS
68.1%
CVE-2021-3520 CRITICAL PATCH Act Now

There's a flaw in lz4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Lz4 Active Iq Unified Manager Cloud Backup +4
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-33200 HIGH PATCH This Week

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Privilege Escalation Memory Corruption Linux Kernel +11
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22543 HIGH POC This Week

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. Rated high severity (CVSS 8.7). Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Kernel Fedora Debian Linux +10
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2021-33574 CRITICAL POC Act Now

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Glibc Fedora +11
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-31440 HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. Rated high severity (CVSS 7.0).

Linux RCE Linux Kernel Solidfire Baseboard Management Controller Firmware Cloud Backup +7
NVD
CVSS 3.1
7.0
EPSS
1.8%
CVE-2021-3426 MEDIUM PATCH This Month

There's a flaw in Python 3's pydoc. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Fedora Debian Linux Software Collections +6
NVD
CVSS 3.1
5.7
EPSS
1.9%
CVE-2021-3483 HIGH PATCH This Week

A flaw was found in the Nosy driver in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +10
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-32399 HIGH POC PATCH This Week

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. Rated high severity (CVSS 7.0). Public exploit code available.

Linux Information Disclosure Race Condition Linux Kernel Debian Linux +9
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2021-3501 HIGH PATCH This Week

A flaw was found in the Linux kernel in versions before 5.12. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux +17
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-29489 npm MEDIUM PATCH This Month

Highcharts JS is a JavaScript charting library based on SVG. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Highcharts Cloud Backup Oncommand Insight Oncommand Workflow Automation +1
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-31879 MEDIUM This Month

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wget Brocade Fabric Operating System Firmware Cloud Backup Ontap Select Deploy Administration Utility +2
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-25216 CRITICAL PATCH Act Now

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow RCE Information Disclosure Debian Linux Bind +12
NVD
CVSS 3.1
9.8
EPSS
82.4%
CVE-2021-25215 HIGH PATCH This Week

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Debian Linux Bind Fedora Active Iq Unified Manager +12
NVD
CVSS 3.1
7.5
EPSS
11.3%
CVE-2021-25214 MEDIUM PATCH This Month

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Bind Debian Linux Fedora Sinec Infrastructure Network Services +11
NVD
CVSS 3.1
6.5
EPSS
5.9%
CVE-2021-23133 HIGH POC PATCH This Week

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. Rated high severity (CVSS 7.0). Public exploit code available.

Linux Privilege Escalation Race Condition Linux Kernel Fedora +13
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-3506 HIGH PATCH This Week

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure Linux Kernel Debian Linux +10
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-29154 HIGH PATCH This Week

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Linux RCE Command Injection Linux Kernel Fedora +11
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-20284 MEDIUM POC This Month

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils Cloud Backup Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-20197 MEDIUM PATCH This Month

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. Rated medium severity (CVSS 6.3).

Information Disclosure Binutils Enterprise Linux Cloud Backup Ontap Select Deploy Administration Utility +2
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-28972 MEDIUM PATCH This Month

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Fedora Cloud Backup +2
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2021-28971 MEDIUM PATCH This Month

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Intel Denial Of Service Linux Kernel Fedora +5
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28964 MEDIUM This Month

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Denial Of Service Race Condition Linux Kernel Fedora +5
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-28952 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.11.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Fedora Cloud Backup +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-28951 MEDIUM PATCH This Month

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Fedora A250 Firmware +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-28660 HIGH PATCH This Week

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +10
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-28375 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.11.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Linux Authentication Bypass Linux Kernel Fedora Cloud Backup +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27363 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel through 5.11.3. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Debian Linux Cloud Backup +1
NVD
CVSS 3.1
4.4
EPSS
0.7%
CVE-2021-28041 HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh Fedora Cloud Backup +6
NVD GitHub
CVSS 3.1
7.1
EPSS
3.4%
CVE-2021-28039 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Xen Cloud Backup +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-28038 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Debian Linux Cloud Backup +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-20226 HIGH This Week

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Memory Corruption Denial Of Service Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26932 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-27219 HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-27218 HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2021-23336 MEDIUM POC PATCH THREAT This Month

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Request Smuggling Python Information Disclosure Fedora Debian Linux +9
NVD GitHub
CVSS 3.1
5.9
EPSS
36.0%
CVE-2021-26708 HIGH PATCH This Week

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Rated high severity (CVSS 7.0).

Linux Privilege Escalation Linux Kernel Aff Baseboard Management Controller Cloud Backup +6
NVD
CVSS 3.1
7.0
EPSS
1.6%
CVE-2021-3156 HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo Fedora Debian Linux +21
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
99.3%
CVE-2021-23239 LOW POC Monitor

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Sudo Cloud Backup Hci Management Node Solidfire +2
NVD
CVSS 3.1
2.5
EPSS
1.0%
CVE-2020-36183 Maven HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind Cloud Backup Service Level Manager +42
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
2.2%
CVE-2020-27730 CRITICAL Act Now

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Path Traversal Nginx Controller Cloud Backup
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-27825 MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +5
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2020-27786 HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Privilege Escalation Linux Memory Corruption Use After Free +6
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2020-16599 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Cloud Backup Hci Management Node +2
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-16593 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Cloud Backup Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-25692 HIGH PATCH This Week

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Openldap Enterprise Linux Cloud Backup +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-29573 HIGH PATCH This Week

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Canonical Glibc Enterprise Linux +2
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-14305 HIGH POC PATCH This Week

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
8.1
EPSS
5.1%
CVE-2020-29370 HIGH POC PATCH This Week

An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Cloud Backup +5
NVD
CVSS 3.1
7.0
EPSS
0.6%
CVE-2020-29368 HIGH POC PATCH This Week

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Cloud Backup +5
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2020-15436 MEDIUM POC This Month

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux Memory Corruption Linux Kernel +18
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2020-8760 HIGH This Week

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Integer Overflow Active Management Technology Firmware Cloud Backup
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-8757 MEDIUM This Month

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Information Disclosure Active Management Technology Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8754 HIGH This Week

Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure Active Management Technology Firmware Cloud Backup +1
NVD
CVSS 3.1
7.5
EPSS
1.5%
EPSS 1% CVSS 8.1
HIGH This Week

NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nginx Authentication Bypass Cloud Backup +4
NVD
EPSS 97% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Memory Corruption +13
NVD Exploit-DB
EPSS 50% CVSS 7.5
HIGH PATCH This Week

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Denial Of Service Cloud Backup +14
NVD
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Mozilla +10
NVD
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel +14
NVD
EPSS 1% CVSS 6.7
MEDIUM POC This Month

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Memory Corruption +11
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Busybox +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Busybox Fedora +10
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +12
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox +11
NVD
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux +13
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE +6
NVD Exploit-DB
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE +4
NVD Exploit-DB
EPSS 25% CVSS 7.5
HIGH PATCH This Week

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Http Server +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow +15
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora +24
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux +27
NVD
EPSS 6% CVSS 9.1
CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux RCE Linux Kernel +10
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +12
NVD
EPSS 100% CVSS 9.0
CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux +37
NVD
EPSS 36% CVSS 9.8
CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption +10
NVD
EPSS 63% CVSS 7.5
HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure +12
NVD
EPSS 65% CVSS 7.5
HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service +17
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

A flaw has been found in libssh in versions prior to 0.9.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption +7
NVD
EPSS 6% CVSS 3.7
LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora +31
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Redis Apache Denial Of Service +4
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in libxml2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Libxml2 Jboss Core Services +17
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +16
NVD
EPSS 79% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware +20
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Memory Corruption +11
NVD
EPSS 60% CVSS 8.1
HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption +27
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Communications Cloud Native Core Binding Support Function +20
NVD GitHub VulDB
EPSS 68% CVSS 9.8
CRITICAL PATCH Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apache +8
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

There's a flaw in lz4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Lz4 +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Privilege Escalation +13
NVD
EPSS 1% CVSS 8.7
HIGH POC This Week

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. Rated high severity (CVSS 8.7). Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Kernel +12
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +13
NVD
EPSS 2% CVSS 7.0
HIGH PATCH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. Rated high severity (CVSS 7.0).

Linux RCE Linux Kernel +9
NVD
EPSS 2% CVSS 5.7
MEDIUM PATCH This Month

There's a flaw in Python 3's pydoc. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Fedora +8
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Nosy driver in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +12
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. Rated high severity (CVSS 7.0). Public exploit code available.

Linux Information Disclosure Race Condition +11
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the Linux kernel in versions before 5.12. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +19
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Highcharts JS is a JavaScript charting library based on SVG. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Highcharts Cloud Backup +3
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wget Brocade Fabric Operating System Firmware +4
NVD
EPSS 82% CVSS 9.8
CRITICAL PATCH Act Now

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow RCE Information Disclosure +14
NVD
EPSS 11% CVSS 7.5
HIGH PATCH This Week

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Debian Linux Bind +14
NVD
EPSS 6% CVSS 6.5
MEDIUM PATCH This Month

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Bind Debian Linux +13
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. Rated high severity (CVSS 7.0). Public exploit code available.

Linux Privilege Escalation Race Condition +15
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Linux Information Disclosure +12
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Linux RCE Command Injection +13
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils Cloud Backup +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. Rated medium severity (CVSS 6.3).

Information Disclosure Binutils Enterprise Linux +4
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Intel Denial Of Service +7
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Denial Of Service Race Condition +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.11.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +6
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.11.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Linux Authentication Bypass Linux Kernel +3
NVD
EPSS 1% CVSS 4.4
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel through 5.11.3. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +3
NVD
EPSS 3% CVSS 7.1
HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh +8
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +3
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Linux Memory Corruption +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +7
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora +5
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora +5
NVD
EPSS 36% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Request Smuggling Python Information Disclosure +11
NVD GitHub
EPSS 2% CVSS 7.0
HIGH PATCH This Week

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Rated high severity (CVSS 7.0).

Linux Privilege Escalation Linux Kernel +8
NVD
EPSS 99% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo +23
NVD Exploit-DB
EPSS 1% CVSS 2.5
LOW POC Monitor

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Sudo Cloud Backup +4
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Deserialization Jackson Databind +44
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Path Traversal Nginx Controller +1
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). Rated medium severity (CVSS 5.7).

Race Condition Denial Of Service Linux +7
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Privilege Escalation Linux +8
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils +4
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Openldap +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Canonical +4
NVD
EPSS 5% CVSS 8.1
HIGH POC PATCH This Week

An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Denial Of Service Linux +7
NVD
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure +7
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure +7
NVD
EPSS 1% CVSS 6.7
MEDIUM POC This Month

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Linux +20
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Integer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Information Disclosure +3
NVD
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy