Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2023-4353 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-4352 HIGH This Week

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4351 HIGH This Week

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4350 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-4349 HIGH This Week

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-40283 HIGH PATCH This Week

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-39949 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39948 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39947 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39946 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39945 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39534 HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39418 MEDIUM PATCH This Month

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PostgreSQL Enterprise Linux Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-39417 HIGH This Week

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL SQLi Software Collections Enterprise Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-3824 CRITICAL POC Act Now

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow PHP Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2023-3823 HIGH POC This Week

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-23908 MEDIUM This Month

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Authentication Bypass Microcode Debian Linux +137
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-4273 MEDIUM POC PATCH This Month

A flaw was found in the exFAT driver of the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Linux Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2023-20588 MEDIUM This Month

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Epyc 7351P Firmware Epyc 7401P Firmware +44
NVD
CVSS 3.1
5.5
EPSS
12.4%
CVE-2023-20569 MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora Debian Linux Ryzen 9 5950X Firmware +152
NVD
CVSS 3.1
4.7
EPSS
6.2%
CVE-2023-36054 MEDIUM PATCH This Month

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Memory Corruption Denial Of Service Kerberos 5 Debian Linux Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-4194 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's TUN/TAP functionality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Linux Authentication Bypass Memory Corruption Linux Kernel Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-4147 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-4132 MEDIUM This Month

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3180 MEDIUM PATCH This Month

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Qemu Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4073 HIGH This Week

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-38559 MEDIUM PATCH This Month

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Ghostscript Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-4056 CRITICAL Act Now

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +1
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4055 HIGH This Week

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4050 HIGH This Week

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Debian Linux
NVD
CVSS 3.1
7.5
EPSS
13.7%
CVE-2023-4049 MEDIUM This Month

Race conditions in reference counting code were found through code inspection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Mozilla Information Disclosure Firefox Debian Linux
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-4048 HIGH This Week

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4047 HIGH This Week

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Firefox Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4046 MEDIUM This Month

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-4045 MEDIUM This Month

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-4004 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-3773 MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux Enterprise Linux Fedora +2
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-3772 MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Enterprise Linux Enterprise Linux For Real Time +4
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-38745 MEDIUM PATCH This Month

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

RCE Pandoc Debian Linux
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-20593 MEDIUM POC PATCH This Month

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Debian Linux Ryzen 3 3100 Firmware Ryzen 3 3300X Firmware +67
NVD
CVSS 3.1
5.5
EPSS
5.8%
CVE-2023-3863 MEDIUM PATCH This Month

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. Rated medium severity (CVSS 4.1). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
4.1
EPSS
0.2%
CVE-2023-3417 HIGH This Week

Thunderbird allowed the Text Direction Override Unicode Character in filenames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38633 MEDIUM POC PATCH This Month

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Librsvg Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2023-3776 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3611 HIGH PATCH This Week

An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Linux Privilege Escalation Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3610 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3609 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-34968 MEDIUM This Month

A path disclosure vulnerability was found in Samba. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Fedora Storage Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-34967 MEDIUM This Month

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Samba Fedora Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
62.6%
CVE-2023-34966 HIGH This Week

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.0%
CVE-2023-22049 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Debian Linux Graalvm +8
NVD
CVSS 3.1
3.7
EPSS
1.3%
CVE-2023-22045 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
3.7
EPSS
1.2%
CVE-2023-22044 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +3
NVD
CVSS 3.1
3.7
EPSS
1.1%
CVE-2023-22041 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
5.1
EPSS
0.5%
CVE-2023-22036 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
3.7
EPSS
1.1%
CVE-2023-22006 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
3.1
EPSS
0.9%
CVE-2023-38403 HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-21400 MEDIUM POC This Month

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Buffer Overflow Android Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-21255 HIGH PATCH This Week

In multiple functions of binder.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Use After Free Privilege Escalation Memory Corruption +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3618 MEDIUM This Month

A flaw was found in libtiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff Debian Linux Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-36823 Ruby MEDIUM PATCH This Month

Sanitize is an allowlist-based HTML and CSS sanitizer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-35936 MEDIUM POC This Month

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

RCE Pandoc Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2023-35001 HIGH PATCH This Week

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +6
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2023-31248 HIGH PATCH This Week

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-37211 HIGH This Week

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37208 HIGH This Week

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37207 MEDIUM This Month

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-37202 HIGH This Week

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37201 HIGH This Week

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-36053 PyPI HIGH PATCH This Week

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2023-3338 MEDIUM POC This Month

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Active Iq Unified Manager +1
NVD
CVSS 3.1
6.5
EPSS
8.1%
CVE-2023-3389 HIGH PATCH This Week

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-3090 HIGH POC PATCH This Week

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux Privilege Escalation Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3422 HIGH This Week

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3421 HIGH This Week

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3420 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
56.2%
CVE-2023-36664 HIGH This Week

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ghostscript Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
3.2%
CVE-2023-36661 HIGH POC Act Now

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Xmltooling Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2023-3212 MEDIUM PATCH This Month

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora +7
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-34241 HIGH POC PATCH This Week

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Cups Fedora +2
NVD GitHub
CVSS 3.1
7.1
EPSS
1.4%
CVE-2023-2911 HIGH PATCH This Week

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind Debian Linux Fedora +6
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-2828 HIGH PATCH This Week

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager +5
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2023-35824 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-35823 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-35788 HIGH POC PATCH This Week

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Privilege Escalation Linux Memory Corruption +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3268 HIGH PATCH This Week

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-30631 HIGH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-3217 HIGH This Week

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
13.3%
CVE-2023-3216 HIGH This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-3215 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
13.8%
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Fast Dds +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Fast Dds +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fast Dds Debian Linux
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PostgreSQL Enterprise Linux +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL SQLi +3
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow PHP Fedora +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Fedora +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Authentication Bypass +139
NVD
EPSS 1% CVSS 6.7
MEDIUM POC PATCH This Month

A flaw was found in the exFAT driver of the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Linux +8
NVD
EPSS 12% CVSS 5.5
MEDIUM This Month

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux +46
NVD
EPSS 6% CVSS 4.7
MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora +154
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Memory Corruption Denial Of Service Kerberos 5 +6
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel's TUN/TAP functionality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Linux Authentication Bypass Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +7
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Qemu +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Chrome +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service +4
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Firefox +1
NVD
EPSS 14% CVSS 7.5
HIGH This Week

In some cases, an untrusted input stream was copied to a stack buffer without checking its size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla +2
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Race conditions in reference counting code were found through code inspection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Mozilla Information Disclosure +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla CSRF Firefox +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +9
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux +6
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

RCE Pandoc Debian Linux
NVD GitHub
EPSS 6% CVSS 5.5
MEDIUM POC PATCH This Month

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Debian Linux +69
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. Rated medium severity (CVSS 4.1). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Thunderbird allowed the Text Direction Override Unicode Character in filenames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird +1
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Librsvg Fedora +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A path disclosure vulnerability was found in Samba. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Fedora +3
NVD
EPSS 63% CVSS 5.3
MEDIUM This Month

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Samba +3
NVD
EPSS 62% CVSS 7.5
HIGH This Week

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora +2
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +5
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service +10
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 +5
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM POC This Month

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Buffer Overflow Android +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of binder.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Use After Free +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was found in libtiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Sanitize is an allowlist-based HTML and CSS sanitizer. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sanitize Debian Linux
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM POC This Month

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

RCE Pandoc Debian Linux
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux +8
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload Mozilla Firefox +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption +5
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Django +2
NVD
EPSS 8% CVSS 6.5
MEDIUM POC This Month

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 56% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +2
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ghostscript +2
NVD
EPSS 3% CVSS 7.5
HIGH POC Act Now

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Microsoft Xmltooling +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +9
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +4
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind +8
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bind Debian Linux +7
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.3.2. Rated high severity (CVSS 7.0).

Race Condition Information Disclosure Linux +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Privilege Escalation +10
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +2
NVD
EPSS 13% CVSS 8.8
HIGH This Week

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +3
NVD
EPSS 14% CVSS 8.8
HIGH This Week

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
Prev Page 13 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy