Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2023-3214 HIGH This Week

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-3141 HIGH This Week

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-34969 MEDIUM POC This Month

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dbus Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-0668 MEDIUM POC This Month

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2023-0666 MEDIUM POC This Month

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2023-2603 HIGH POC This Week

A vulnerability was found in libcap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libcap Enterprise Linux Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-2602 LOW POC Monitor

A vulnerability was found in the pthread_create() function in libcap. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libcap Enterprise Linux Debian Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2023-33460 MEDIUM POC This Month

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yajl Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-3079 HIGH POC KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Google Chrome Fedora +4
NVD
CVSS 3.1
8.8
EPSS
32.7%
CVE-2023-3111 HIGH This Week

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34410 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Fedora Qt
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-32324 MEDIUM POC This Month

OpenPrinting CUPS is an open source printing system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Cups Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2023-34256 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 6.3.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Linux Enterprise +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2952 MEDIUM POC This Month

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-34151 MEDIUM POC This Month

A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-2650 MEDIUM PATCH This Month

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

OpenSSL Canonical Denial Of Service Debian Linux
NVD
CVSS 3.1
6.5
EPSS
75.1%
CVE-2023-32762 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Qt
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-32307 HIGH This Week

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-2898 MEDIUM PATCH This Month

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-2879 HIGH POC This Week

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-2858 MEDIUM POC This Month

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Citrix Wireshark +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-2857 MEDIUM POC This Month

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2856 MEDIUM POC This Month

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-2855 MEDIUM POC This Month

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-2854 MEDIUM POC This Month

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-28321 MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Fedora Clustered Data Ontap +6
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2023-1667 MEDIUM This Month

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libssh Fedora Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-2002 MEDIUM POC This Month

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
6.8
EPSS
1.5%
CVE-2023-32067 HIGH This Week

c-ares is an asynchronous resolver library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Ares Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-31130 MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure C Ares Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-2255 MEDIUM This Month

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Libreoffice Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-0950 HIGH This Week

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Libreoffice Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28709 Maven HIGH PATCH This Week

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Debian Linux 7 Mode Transition Tool
NVD
CVSS 3.1
7.5
EPSS
51.5%
CVE-2023-33204 HIGH PATCH This Week

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Sysstat Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-24805 HIGH POC PATCH This Week

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Apple Command Injection Cups Filters Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2023-2726 HIGH This Week

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2725 HIGH This Week

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
24.7%
CVE-2023-2724 HIGH This Week

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
29.1%
CVE-2023-2723 HIGH This Week

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
15.4%
CVE-2023-2722 HIGH This Week

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2721 HIGH This Week

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2124 HIGH POC PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-2156 HIGH This Week

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2023-31490 HIGH POC This Week

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-31137 HIGH PATCH This Week

MaraDNS is open-source software that implements the Domain Name System (DNS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Maradns Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27954 MEDIUM This Month

The issue was addressed by removing origin information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-27932 MEDIUM This Month

This issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2468 MEDIUM This Month

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-2467 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-2466 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-2465 MEDIUM This Month

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-2464 MEDIUM This Month

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2463 MEDIUM This Month

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-2462 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-2461 HIGH This Week

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2460 HIGH This Week

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-2459 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-0458 MEDIUM PATCH This Month

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-0045 HIGH POC PATCH This Week

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Linux Kernel Debian Linux Active Iq Unified Manager H300s Firmware +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-2269 MEDIUM This Month

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Fedora Debian Linux +5
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2007 HIGH PATCH This Week

The specific flaw exists within the DPT I2O Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Kernel Debian Linux H300s Firmware H500s Firmware +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29469 MEDIUM This Month

An issue was discovered in libxml2 before 2.10.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libxml2 Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-28484 MEDIUM POC This Month

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libxml2 Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-31084 MEDIUM This Month

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Fedora Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1998 MEDIUM POC PATCH This Month

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. Rated medium severity (CVSS 5.6). Public exploit code available.

Code Injection Linux Linux Kernel Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
5.6
EPSS
1.4%
CVE-2023-2137 HIGH This Week

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2136 CRITICAL KEV THREAT Act Now

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
9.6
EPSS
5.8%
CVE-2023-2135 HIGH This Week

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-2134 HIGH This Week

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2133 HIGH This Week

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30608 PyPI HIGH PATCH This Week

sqlparse is a non-validating SQL parser module for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Sqlparse Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-28856 MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Redis Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-26049 Maven MEDIUM PATCH This Month

Jetty is a java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java Information Disclosure Jetty Debian Linux Active Iq Unified Manager +3
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-21968 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2023-21967 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Denial Of Service Graalvm Jdk +8
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2023-21954 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2023-21939 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
5.3
EPSS
2.5%
CVE-2023-21938 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
3.7
EPSS
1.2%
CVE-2023-21937 LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
3.7
EPSS
1.2%
CVE-2023-21930 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
7.4
EPSS
1.3%
CVE-2023-2033 HIGH KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
40.8%
CVE-2023-1994 MEDIUM POC This Month

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-1993 MEDIUM POC This Month

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
4.1%
CVE-2023-1992 HIGH POC This Week

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2023-1872 HIGH PATCH This Week

A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-1989 HIGH PATCH This Week

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +6
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-1668 HIGH PATCH This Week

A flaw was found in openvswitch (OVS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Open Vswitch Debian Linux Openshift Container Platform Openstack Platform +2
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2023-29415 MEDIUM POC PATCH This Month

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bzip3 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1855 MEDIUM PATCH This Month

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-1823 MEDIUM This Month

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dbus Fedora +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A vulnerability was found in libcap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libcap +3
NVD
EPSS 0% CVSS 3.3
LOW POC Monitor

A vulnerability was found in the pthread_create() function in libcap. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libcap Enterprise Linux +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yajl Fedora +1
NVD GitHub
EPSS 33% CVSS 8.8
HIGH POC KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Google +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +8
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Fedora +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

OpenPrinting CUPS is an open source printing system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 6.3.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux +3
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Imagemagick +4
NVD GitHub
EPSS 75% CVSS 6.5
MEDIUM PATCH This Month

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

OpenSSL Canonical Denial Of Service +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Qt
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sofia Sip +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +7
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +3
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +2
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +8
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libssh +3
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linux Linux Kernel +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

c-ares is an asynchronous resolver library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Ares Fedora +1
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure C Ares Fedora +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM This Month

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Libreoffice Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Libreoffice Debian Linux
NVD
EPSS 52% CVSS 7.5
HIGH PATCH This Week

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Sysstat +2
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Apple Command Injection +3
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 25% CVSS 8.8
HIGH This Week

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 29% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +3
NVD
EPSS 15% CVSS 8.8
HIGH This Week

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux +7
NVD
EPSS 6% CVSS 7.5
HIGH This Week

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +3
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Frrouting Debian Linux +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

MaraDNS is open-source software that implements the Domain Name System (DNS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Maradns +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

The issue was addressed by removing origin information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Safari +6
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Linux Kernel Debian Linux +6
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The specific flaw exists within the DPT I2O Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Kernel Debian Linux +6
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in libxml2 before 2.10.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libxml2 Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libxml2 +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel +3
NVD
EPSS 1% CVSS 5.6
MEDIUM POC PATCH This Month

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. Rated medium severity (CVSS 5.6). Public exploit code available.

Code Injection Linux Linux Kernel +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 6% CVSS 9.6
CRITICAL KEV THREAT Act Now

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

sqlparse is a non-validating SQL parser module for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Sqlparse +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Redis Debian Linux +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Jetty is a java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java Information Disclosure Jetty +5
NVD GitHub
EPSS 0% CVSS 3.7
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 2% CVSS 5.9
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Denial Of Service +10
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 3.7
LOW Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +10
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +10
NVD
EPSS 41% CVSS 8.8
HIGH KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 4% CVSS 6.5
MEDIUM POC This Month

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux +8
NVD
EPSS 1% CVSS 8.2
HIGH PATCH This Week

A flaw was found in openvswitch (OVS). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Open Vswitch Debian Linux +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bzip3 Debian Linux
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +3
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
Prev Page 14 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy