Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2023-1822 MEDIUM This Month

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1821 MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1820 HIGH This Week

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1819 MEDIUM This Month

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1818 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1817 MEDIUM This Month

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-1816 MEDIUM This Month

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1815 HIGH This Week

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1814 MEDIUM This Month

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1813 MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1812 HIGH This Week

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1811 HIGH This Week

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1810 HIGH This Week

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28879 CRITICAL POC Act Now

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Debian Linux
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2023-28756 Ruby MEDIUM PATCH This Month

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruby Time Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2023-28755 Ruby MEDIUM PATCH This Month

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Uri Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
2.6%
CVE-2023-27538 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +7
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-27536 MEDIUM POC This Month

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +6
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2023-27535 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +6
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2023-1380 HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Broadcom Information Disclosure +9
NVD
CVSS 3.1
7.1
EPSS
16.6%
CVE-2023-1077 HIGH PATCH This Week

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition. Rated high severity (CVSS 7.0). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +10
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-28686 HIGH PATCH This Week

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dino Fedora Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-0386 HIGH POC KEV PATCH THREAT Act Now

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Debian Linux H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
7.8
EPSS
7.9%
CVE-2023-28466 HIGH PATCH This Week

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Rated high severity (CVSS 7.0).

Denial Of Service Null Pointer Dereference Linux Linux Kernel H300S +5
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-27530 Ruby HIGH PATCH This Week

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rack Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-27522 PyPI HIGH PATCH This Week

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.4.30 through 2.4.55. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Http Server Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-0330 MEDIUM PATCH This Month

A vulnerability in the lsi53c895a device affects the latest version of qemu. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Stack Overflow Buffer Overflow Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2023-1161 HIGH This Week

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-27561 Go HIGH POC PATCH This Week

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Runc Openshift Container Platform Enterprise Linux Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-26604 HIGH POC This Week

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Debian Linux Systemd
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-25221 HIGH POC This Week

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-24758 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24757 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24756 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24755 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24754 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24752 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24751 MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27372 CRITICAL POC PATCH THREAT Act Now

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Spip Debian Linux
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.6%
CVE-2023-26545 MEDIUM PATCH This Month

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Debian Linux Linux Kernel H300s Firmware +4
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-23920 MEDIUM PATCH This Month

An untrusted search path vulnerability exists in Node.js. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Node.js Information Disclosure Node Js Debian Linux
NVD
CVSS 3.1
4.2
EPSS
0.5%
CVE-2023-23916 MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Debian Linux H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-23009 MEDIUM POC This Month

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libreswan Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-24998 Maven HIGH PATCH This Week

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Denial Of Service Commons Fileupload Debian Linux
NVD
CVSS 3.1
7.5
EPSS
46.8%
CVE-2023-0361 HIGH POC PATCH This Week

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gnutls Enterprise Linux Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.4
EPSS
1.4%
CVE-2023-24580 PyPI HIGH PATCH This Week

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Django Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.6%
CVE-2023-25725 CRITICAL Act Now

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Authentication Bypass Haproxy Debian Linux
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2023-0770 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22795 Ruby HIGH PATCH This Week

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rails Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2023-23969 PyPI HIGH PATCH This Week

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Django Debian Linux
NVD
CVSS 3.1
7.5
EPSS
47.1%
CVE-2023-0266 HIGH POC KEV PATCH THREAT This Week

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. Rated high severity (CVSS 7.0). Public exploit code available.

Use After Free Denial Of Service Linux Memory Corruption Debian Linux +1
NVD GitHub
CVSS 3.1
7.0
EPSS
3.7%
CVE-2023-0412 HIGH PATCH This Week

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.8%
CVE-2023-24038 HIGH POC This Week

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Html Stripscripts Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-24021 HIGH PATCH This Week

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Modsecurity Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22809 HIGH POC THREAT Act Now

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Debian Linux Fedora macOS
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
55.4%
CVE-2023-23589 MEDIUM POC PATCH This Month

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tor Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-23559 HIGH PATCH This Week

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel Hci Baseboard Management Controller +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23455 MEDIUM PATCH This Month

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23454 MEDIUM PATCH This Month

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux Denial Of Service Linux Kernel +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42259 MEDIUM This Month

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Linux Nvidia Denial Of Service Gpu Display Driver +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42258 HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Linux Nvidia Information Disclosure +4
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-42257 HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Linux Nvidia Information Disclosure +4
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2022-34680 MEDIUM This Month

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Linux Denial Of Service Buffer Overflow Gpu Display Driver +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-34677 HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow Nvidia Information Disclosure +4
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-34674 MEDIUM This Month

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Linux Gpu Display Driver Cloud Gaming +2
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-34670 HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Linux Denial Of Service Gpu Display Driver +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-43603 MEDIUM POC This Month

A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2022-43602 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-43601 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-43600 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-43599 HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
2.0%
CVE-2022-43598 HIGH POC This Week

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-43597 HIGH POC This Week

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-43596 MEDIUM POC This Month

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2022-43595 MEDIUM POC This Month

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2022-43594 MEDIUM POC This Month

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2022-43593 MEDIUM POC This Month

A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2022-43592 MEDIUM POC This Month

An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2022-41999 HIGH POC This Week

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-41988 HIGH POC This Week

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-41981 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2022-41838 CRITICAL POC Act Now

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-41837 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2022-41794 CRITICAL POC Act Now

A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-41649 CRITICAL POC Act Now

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2022-41639 CRITICAL POC Act Now

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-36354 MEDIUM POC This Month

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openimageio Debian Linux
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-46877 MEDIUM This Month

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-46871 HIGH This Week

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-47629 CRITICAL PATCH Act Now

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libksba Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.6%
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ghostscript +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruby Time +2
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Uri Debian Linux +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora +9
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora +8
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora +8
NVD
EPSS 17% CVSS 7.1
HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux +11
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition. Rated high severity (CVSS 7.0). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux +12
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Dino Fedora +1
NVD
EPSS 8% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Debian Linux +7
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Rated high severity (CVSS 7.0).

Denial Of Service Null Pointer Dereference Linux +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rack Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.4.30 through 2.4.55. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A vulnerability in the lsi53c895a device affects the latest version of qemu. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Stack Overflow Buffer Overflow Qemu +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Wireshark +1
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Runc Openshift Container Platform +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Debian Linux Systemd
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265 +1
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Spip +1
NVD Exploit-DB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Debian Linux +6
NVD GitHub
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

An untrusted search path vulnerability exists in Node.js. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Node.js Information Disclosure Node Js +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora +7
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libreswan Debian Linux
NVD GitHub
EPSS 47% CVSS 7.5
HIGH PATCH This Week

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Denial Of Service +2
NVD
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gnutls Enterprise Linux +5
NVD GitHub
EPSS 63% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Django +1
NVD
EPSS 5% CVSS 9.1
CRITICAL Act Now

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Authentication Bypass Haproxy +1
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rails Debian Linux
NVD
EPSS 47% CVSS 7.5
HIGH PATCH This Week

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Django +1
NVD
EPSS 4% CVSS 7.0
HIGH POC KEV PATCH THREAT This Week

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. Rated high severity (CVSS 7.0). Public exploit code available.

Use After Free Denial Of Service Linux +3
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark Debian Linux
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Html Stripscripts Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Modsecurity Debian Linux
NVD GitHub
EPSS 55% CVSS 7.8
HIGH POC THREAT Act Now

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Debian Linux +2
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tor Debian Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Denial Of Service Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Linux Nvidia +5
NVD
EPSS 0% CVSS 7.3
HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Linux +6
NVD
EPSS 0% CVSS 7.3
HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Linux Denial Of Service +5
NVD
EPSS 0% CVSS 7.1
HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow +6
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Linux +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Linux +5
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

A denial of service vulnerability exists in the ZfileOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio +1
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

An information disclosure vulnerability exists in the IFFOutput channel interleaving functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio +1
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio +1
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio +1
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio +1
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

A denial of service vulnerability exists in the DDS native tile reading functionality of OpenImageIO Project OpenImageIO v2.3.19.0 and v2.4.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openimageio +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio +1
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Stack Overflow Buffer Overflow +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openimageio Debian Linux
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Openimageio +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Openimageio Debian Linux
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libksba +1
NVD
Prev Page 15 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy