Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2022-4515 HIGH POC This Week

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exuberant Ctags Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-23537 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-47521 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-47520 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-47519 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-47518 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +5
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3109 HIGH PATCH This Week

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Debian Linux Fedora Ffmpeg
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-4283 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-46344 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-46343 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-46342 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-46341 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-46340 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-23527 MEDIUM This Month

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Open Redirect Mod Auth Openidc Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-23520 Ruby MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-23519 Ruby MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-23518 Ruby MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux Loofah
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-23517 Ruby HIGH PATCH This Week

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails Html Sanitizers Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-23515 Ruby MEDIUM PATCH This Month

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2022-45693 Maven HIGH POC PATCH This Week

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Jettison Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-45685 Maven HIGH POC PATCH This Week

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Jettison Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-41915 Maven MEDIUM POC PATCH This Month

Netty project is an event-driven asynchronous network application framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Netty Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-41881 Maven HIGH POC PATCH This Week

Netty project is an event-driven asynchronous network application framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netty Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-23493 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-23484 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-23483 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2022-23482 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-23481 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2022-23480 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23479 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23478 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23477 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-23468 CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-42329 MEDIUM PATCH This Month

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42328 MEDIUM PATCH This Month

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-3643 MEDIUM This Month

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Broadcom Cisco Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-41325 HIGH POC This Week

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Vlc Media Player Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-24439 PyPI CRITICAL POC PATCH Act Now

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gitpython Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
5.4%
CVE-2022-43548 HIGH PATCH This Week

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Node.js Command Injection Node Js Debian Linux
NVD
CVSS 3.1
8.1
EPSS
14.0%
CVE-2022-35256 MEDIUM POC This Month

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Node Js Llhttp Sinec Ins +1
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-35255 CRITICAL POC Act Now

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Node Js Sinec Ins Debian Linux
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2022-32221 CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-30123 Ruby CRITICAL PATCH Act Now

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rack Debian Linux
NVD
CVSS 3.1
10.0
EPSS
1.8%
CVE-2022-30122 Ruby HIGH PATCH This Week

A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rack Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-46391 MEDIUM PATCH This Month

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-46338 MEDIUM PATCH This Month

g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure G810 Led Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-45442 Ruby HIGH POC PATCH This Week

Sinatra is a domain-specific language for creating web applications in Ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sinatra Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-45939 HIGH PATCH This Week

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Emacs Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-45934 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Linux Linux Kernel Fedora +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-24999 npm HIGH POC PATCH THREAT This Week

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Qs Express Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
14.7%
CVE-2022-44789 HIGH PATCH This Week

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Mujs Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2022-41946 Maven MEDIUM POC PATCH This Month

pgjdbc is an open source postgresql JDBC Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apple Java PostgreSQL Postgresql Jdbc Driver +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-36227 CRITICAL PATCH Act Now

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference RCE Denial Of Service Libarchive Debian Linux +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-44641 MEDIUM This Month

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lava Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-41916 HIGH This Week

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Heimdal Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-3970 HIGH POC PATCH This Week

A vulnerability was found in LibTIFF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager Debian Linux Safari +3
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-45188 HIGH POC This Week

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Netatalk Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-45062 CRITICAL PATCH Act Now

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Xfce4 Settings Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-45060 HIGH This Week

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Varnish Cache Varnish Cache Plus Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-3890 CRITICAL Act Now

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Debian Linux
NVD
CVSS 3.1
9.6
EPSS
0.7%
CVE-2022-3889 HIGH This Week

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3888 HIGH This Week

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3887 HIGH This Week

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3886 HIGH This Week

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-3885 HIGH This Week

Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-39377 HIGH POC This Week

sysstat is a set of system performance tools for the Linux operating system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Sysstat Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-44793 MEDIUM POC THREAT This Month

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux H300s Firmware +3
NVD GitHub
CVSS 3.1
6.5
EPSS
53.5%
CVE-2022-44792 MEDIUM POC THREAT This Month

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux H300s Firmware +3
NVD GitHub
CVSS 3.1
6.5
EPSS
52.1%
CVE-2022-40284 HIGH This Week

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-44638 HIGH POC This Week

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Pixman Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-39353 npm CRITICAL POC PATCH Act Now

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xmldom Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-43253 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43252 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43250 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43249 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43248 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43245 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43244 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43243 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43242 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43241 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43240 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43239 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-43238 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43237 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43236 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-43235 MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libde265 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-42824 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42823 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE Safari Ipados +6
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-42799 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +5
NVD
CVSS 3.1
6.1
EPSS
1.2%
EPSS 1% CVSS 7.8
HIGH POC This Week

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Exuberant Ctags Debian Linux
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Pjsip +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.0.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +7
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Debian Linux +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption +4
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Open Redirect Mod Auth Openidc +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Debian Linux +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails Html Sanitizers Debian Linux
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted JSON data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Netty project is an event-driven asynchronous network application framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Netty Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Netty project is an event-driven asynchronous network application framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netty Debian Linux
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Microsoft Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Xrdp +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Debian Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Debian Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Broadcom Cisco Denial Of Service +2
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Vlc Media Player +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gitpython Fedora +1
NVD GitHub
EPSS 14% CVSS 8.1
HIGH PATCH This Week

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Node.js Command Injection Node Js +1
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Node Js +3
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Node Js +2
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +7
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Rack Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rack Debian Linux
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Awstats Debian Linux +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure G810 Led Debian Linux
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Sinatra is a domain-specific language for creating web applications in Ruby. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sinatra Debian Linux
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Emacs Debian Linux +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Linux +8
NVD
EPSS 15% CVSS 7.5
HIGH POC PATCH THREAT This Week

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Qs +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

pgjdbc is an open source postgresql JDBC Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Apple Java +3
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference RCE Denial Of Service +4
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lava Debian Linux
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Heimdal Debian Linux
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A vulnerability was found in LibTIFF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager +5
NVD VulDB
EPSS 1% CVSS 7.8
HIGH POC This Week

Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow +3
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Xfce4 Settings Debian Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Varnish Cache Varnish Cache Plus +2
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Google Buffer Overflow +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +3
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

sysstat is a set of system performance tools for the Linux operating system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Sysstat +2
NVD GitHub
EPSS 53% CVSS 6.5
MEDIUM POC THREAT This Month

handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp +5
NVD GitHub
EPSS 52% CVSS 6.5
MEDIUM POC THREAT This Month

handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Snmp +5
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A buffer overflow was discovered in NTFS-3G before 2022.10.3. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Ntfs 3G +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Pixman +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xmldom Debian Linux
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_0_0_fallback_16 in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_weighted_pred_avg_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_luma<unsigned char> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via mc_chroma<unsigned short> in motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_h_3_v_3_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libde265 Debian Linux
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via put_qpel_fallback<unsigned short> in fallback-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_epel_pixels_8_sse in sse-motion.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Apple RCE +8
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari +7
NVD
Prev Page 16 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy