Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2023-42756 MEDIUM POC PATCH This Month

A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-5197 MEDIUM PATCH This Month

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Debian Linux +1
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2023-5176 CRITICAL Act Now

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-5171 MEDIUM PATCH This Month

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +4
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5169 MEDIUM PATCH This Month

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +3
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-41074 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-42753 HIGH POC This Week

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3550 HIGH POC This Week

Mediawiki v1.40.0 does not validate namespaces used in XML files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Debian Linux
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2023-34319 HIGH PATCH This Week

The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Xen Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43770 MEDIUM KEV PATCH THREAT This Month

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Webmail Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
58.5%
CVE-2023-4504 HIGH POC This Week

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Cups Libppd +2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2023-41993 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +11
NVD
CVSS 3.1
8.8
EPSS
29.2%
CVE-2023-42464 CRITICAL PATCH Act Now

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Netatalk Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-4236 HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora Debian Linux H300s Firmware +4
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-3341 HIGH PATCH This Week

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-41900 Maven MEDIUM POC PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Authentication Bypass Jetty Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-40167 Maven MEDIUM PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jetty Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-36479 Maven LOW POC PATCH Monitor

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available.

Canonical Information Disclosure Jetty Debian Linux
NVD GitHub
CVSS 3.1
3.1
EPSS
1.0%
CVE-2023-4909 MEDIUM This Month

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4908 MEDIUM This Month

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4907 MEDIUM This Month

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4906 MEDIUM This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4905 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4904 MEDIUM This Month

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4903 MEDIUM This Month

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4902 MEDIUM This Month

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4901 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4900 MEDIUM This Month

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4921 HIGH POC This Week

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-4863 LIB HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google Chrome Fedora +10
NVD GitHub
CVSS 3.1
8.8
EPSS
99.7%
CVE-2023-41915 HIGH This Week

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Openpmix Fedora Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-4875 MEDIUM PATCH This Month

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mutt Debian Linux
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-4874 MEDIUM This Month

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mutt Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4623 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-4622 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-4244 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-4208 HIGH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-4207 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-4206 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-4015 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3777 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-4764 MEDIUM This Month

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-4763 HIGH This Week

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-4762 HIGH KEV PATCH THREAT This Week

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Google Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
38.0%
CVE-2023-4761 HIGH This Week

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-4781 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Debian Linux macOS
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-41909 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4752 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1858. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-40569 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-40567 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-40188 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-40186 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Apache Buffer Overflow Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-40181 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-39356 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2023-39353 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-39352 CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-39355 CRITICAL POC PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Apache Denial Of Service Memory Corruption Freerdp +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39354 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39351 HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-39350 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service Freerdp Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-40589 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Freerdp Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-20900 HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools Open Vm Tools Fedora +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-4572 HIGH This Week

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38802 HIGH POC This Week

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Picos Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-41361 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR 9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-41360 CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-41358 HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-4569 MEDIUM PATCH This Month

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41080 Maven MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Open Redirect Debian Linux
NVD
CVSS 3.1
6.1
EPSS
6.0%
CVE-2023-40577 Go MEDIUM PATCH This Month

Alertmanager handles alerts sent by client applications such as the Prometheus server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Alertmanager Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-4431 HIGH This Week

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-4430 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2023-4429 HIGH This Week

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-4428 HIGH This Week

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
10.9%
CVE-2023-37369 HIGH POC PATCH This Week

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Qt Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-4368 HIGH This Week

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4367 MEDIUM This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4366 HIGH This Week

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4365 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4364 MEDIUM This Month

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4363 MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4362 HIGH This Week

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
18.5%
CVE-2023-4361 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-4360 MEDIUM This Month

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4359 MEDIUM This Month

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Chrome Debian Linux +1
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-4358 HIGH This Week

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4357 HIGH This Week

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
45.9%
CVE-2023-4356 HIGH This Week

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4355 HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
26.8%
CVE-2023-4354 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
EPSS 0% CVSS 4.7
MEDIUM POC PATCH This Month

A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Linux +4
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla +5
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Mozilla Denial Of Service +6
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Mozilla +5
NVD
EPSS 4% CVSS 8.8
HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari +7
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Linux +3
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

Mediawiki v1.40.0 does not validate namespaces used in XML files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Xen +2
NVD
EPSS 58% CVSS 6.1
MEDIUM KEV PATCH THREAT This Month

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Webmail +1
NVD GitHub
EPSS 1% CVSS 7.0
HIGH POC This Week

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow +4
NVD GitHub
EPSS 29% CVSS 8.8
HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados +13
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Netatalk +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bind Fedora +6
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Authentication Bypass Jetty +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jetty +1
NVD GitHub
EPSS 1% CVSS 3.1
LOW POC PATCH Monitor

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available.

Canonical Information Disclosure Jetty +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 100% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google +12
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Openpmix +2
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Mutt Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mutt Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 38% CVSS 8.8
HIGH KEV PATCH THREAT This Week

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Google +4
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1858. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +4
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache +3
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Apache Buffer Overflow +3
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Apache +3
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Apache Denial Of Service +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Apache +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Apache +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apache Freerdp +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Picos +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR 9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Frrouting Debian Linux
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in FRRouting FRR through 9.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Frrouting +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in FRRouting FRR through 9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Frrouting +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 6% CVSS 6.1
MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Open Redirect +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Alertmanager handles alerts sent by client applications such as the Prometheus server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Alertmanager Debian Linux
NVD GitHub
EPSS 1% CVSS 8.1
HIGH This Week

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google +3
NVD
EPSS 9% CVSS 8.8
HIGH This Week

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 11% CVSS 8.1
HIGH This Week

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google +3
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Qt Debian Linux
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 18% CVSS 8.8
HIGH This Week

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 46% CVSS 8.8
HIGH This Week

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 27% CVSS 8.8
HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
Prev Page 12 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy