Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2022-42326 MEDIUM PATCH This Month

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42325 MEDIUM PATCH This Month

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42324 MEDIUM PATCH This Month

Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42323 MEDIUM PATCH This Month

Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42322 MEDIUM PATCH This Month

Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42321 MEDIUM PATCH This Month

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42320 HIGH PATCH This Week

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. Rated high severity (CVSS 7.0).

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-42319 MEDIUM PATCH This Month

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-42318 MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42317 MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42316 MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42315 MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42314 MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42313 MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42312 MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42311 MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-42310 MEDIUM PATCH This Month

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-42309 HIGH PATCH This Week

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Buffer Overflow Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-40617 HIGH This Week

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Strongswan Ubuntu Linux Debian Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-41974 HIGH POC This Week

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Multipath Tools Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-41973 HIGH POC This Week

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Multipath Tools Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-3705 HIGH PATCH This Week

A vulnerability was found in vim and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Vim Fedora Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-39348 PyPI MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Twisted Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2022-39286 PyPI HIGH PATCH This Week

Jupyter Core is a package for the core common functionality of Jupyter projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Privilege Escalation Jupyter Core Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-43750 MEDIUM PATCH This Month

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-42890 Maven HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-41704 Maven HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-43680 HIGH POC This Week

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libexpat Debian Linux +10
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-3649 HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux +5
NVD VulDB
CVSS 3.1
7.0
EPSS
0.8%
CVE-2022-3646 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in Linux Kernel.c of the component BPF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-3627 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff Active Iq Unified Manager Debian Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-3626 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff Active Iq Unified Manager Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3599 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libtiff Active Iq Unified Manager Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3598 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff Active Iq Unified Manager Debian Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3597 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff Active Iq Unified Manager Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-3570 MEDIUM POC PATCH This Month

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Buffer Overflow Libtiff Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-3640 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Linux Kernel. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Denial Of Service Buffer Overflow Linux Kernel Fedora +1
NVD VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-3636 HIGH PATCH This Week

A vulnerability, which was classified as critical, was found in Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Mediatek Denial Of Service Buffer Overflow Linux Kernel +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-3635 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Linux Kernel. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-3633 LOW PATCH Monitor

A vulnerability classified as problematic has been found in Linux Kernel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-3629 LOW PATCH Monitor

A vulnerability was found in Linux Kernel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-3625 HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-37454 LIB CRITICAL POC PATCH Act Now

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow RCE Extended Keccak Code Package Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2022-3623 HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-3621 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-41742 HIGH This Week

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Nginx Buffer Overflow Nginx Ingress Controller Fedora +1
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2022-41741 HIGH This Week

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Nginx Buffer Overflow Nginx Ingress Controller Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-3586 MEDIUM PATCH This Month

A flaw was found in the Linux kernel’s networking code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +1
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-39260 HIGH This Week

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow Git Fedora +2
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-39253 MEDIUM This Month

Git is an open source, scalable, distributed revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Fedora Xcode Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-3594 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.3
EPSS
2.2%
CVE-2022-3517 npm HIGH PATCH This Week

A vulnerability was found in the minimatch package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Minimatch Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-3564 HIGH PATCH This Week

A vulnerability classified as critical was found in Linux Kernel. Rated high severity (CVSS 7.1). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux +4
NVD VulDB
CVSS 3.1
7.1
EPSS
1.3%
CVE-2022-41751 HIGH POC This Week

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Jhead Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3551 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in X.org Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure X Server Debian Linux Fedora
NVD VulDB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-3550 HIGH PATCH This Week

A vulnerability classified as critical was found in X.org Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow X Server Debian Linux Fedora
NVD VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-3545 HIGH PATCH This Week

A vulnerability has been found in Linux Kernel and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow Linux Kernel H410c Firmware +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-3524 MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-3521 LOW PATCH Monitor

A vulnerability has been found in Linux Kernel and classified as problematic. Rated low severity (CVSS 2.5).

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD VulDB
CVSS 3.1
2.5
EPSS
0.2%
CVE-2022-2850 MEDIUM POC This Month

A flaw was found In 389-ds-base. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Directory Server Enterprise Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-42722 MEDIUM POC PATCH This Month

In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-42721 MEDIUM POC PATCH This Month

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-42720 HIGH POC PATCH This Week

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Code Injection Use After Free Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-41674 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.19.16. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Fedora +1
NVD
CVSS 3.1
8.1
EPSS
3.8%
CVE-2022-42719 HIGH POC PATCH This Week

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-42906 PyPI HIGH POC PATCH This Week

powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Powerline Gitstatus Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-42902 HIGH PATCH This Week

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Lava Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-37601 npm CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Loader Utils Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-41404 Maven HIGH POC This Week

An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ini4J Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-3140 MEDIUM This Month

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Libreoffice Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
4.4%
CVE-2022-20422 HIGH PATCH This Week

In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. Rated high severity (CVSS 7.0).

Google Privilege Escalation Android Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-20421 HIGH PATCH This Week

In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-33748 MEDIUM PATCH This Month

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. Rated medium severity (CVSS 5.6).

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2022-33747 LOW PATCH Monitor

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
3.8
EPSS
0.3%
CVE-2022-33746 MEDIUM PATCH This Month

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-37616 CRITICAL PATCH Act Now

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Code Injection Prototype Pollution Node.js Xmldom Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-3435 MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in Linux Kernel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Fedora Debian Linux
NVD VulDB
CVSS 3.1
4.3
EPSS
3.7%
CVE-2022-2929 MEDIUM This Month

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dhcp Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-2928 MEDIUM This Month

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dhcp Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-41853 Maven CRITICAL PATCH Act Now

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Hypersql Database Debian Linux
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2022-42004 Maven HIGH POC PATCH This Week

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Denial Of Service Jackson Databind Quarkus Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-42003 Maven HIGH POC PATCH This Week

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Denial Of Service Jackson Databind Quarkus Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-41850 MEDIUM This Month

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-41849 MEDIUM This Month

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
4.2
EPSS
0.3%
CVE-2022-3352 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0614. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-31629 MEDIUM POC THREAT This Month

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
49.3%
CVE-2022-31628 MEDIUM This Month

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service PHP Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-1270 HIGH POC This Week

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-39261 PHP HIGH PATCH This Week

Twig is a template language for PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Twig Drupal Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-32166 MEDIUM PATCH This Month

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Open Vswitch Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. Rated high severity (CVSS 7.0).

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Buffer Overflow Xen Debian Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Strongswan Ubuntu Linux +3
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Multipath Tools Fedora +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Multipath Tools Fedora +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in vim and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Vim +3
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Twisted Debian Linux
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Jupyter Core is a package for the core common functionality of Jupyter projects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Privilege Escalation Jupyter Core +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Buffer Overflow +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Java +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free +12
NVD GitHub
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow +7
NVD VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in Linux Kernel.c of the component BPF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Linux Information Disclosure Linux Kernel +1
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff +2
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools/tiffcrop.c:7345, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libtiff +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff +2
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Multiple heap buffer overflows in tiffcrop.c utility in libtiff library Version 4.4.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Buffer Overflow +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, was found in Linux Kernel. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Denial Of Service Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability, which was classified as critical, was found in Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Mediatek Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Linux Kernel. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Denial Of Service Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A vulnerability classified as problematic has been found in Linux Kernel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel +1
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A vulnerability was found in Linux Kernel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow +2
NVD VulDB
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow RCE +8
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in Linux Kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Linux Race Condition Information Disclosure +2
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Linux Denial Of Service Linux Kernel +1
NVD VulDB
EPSS 1% CVSS 7.1
HIGH This Week

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Nginx Buffer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Nginx Buffer Overflow +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel’s networking code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +3
NVD GitHub VulDB
EPSS 3% CVSS 8.8
HIGH This Week

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

Git is an open source, scalable, distributed revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Fedora +2
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +1
NVD VulDB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in the minimatch package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Minimatch Debian Linux +1
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

A vulnerability classified as critical was found in Linux Kernel. Rated high severity (CVSS 7.1). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Jhead Fedora +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in X.org Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure X Server Debian Linux +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A vulnerability classified as critical was found in X.org Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow X Server Debian Linux +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability has been found in Linux Kernel and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Denial Of Service Buffer Overflow +7
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was found in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +1
NVD VulDB
EPSS 0% CVSS 2.5
LOW PATCH Monitor

A vulnerability has been found in Linux Kernel and classified as problematic. Rated low severity (CVSS 2.5).

Linux Race Condition Information Disclosure +2
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A flaw was found In 389-ds-base. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Directory Server +4
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Code Injection +4
NVD
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in the Linux kernel before 5.19.16. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow +3
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Powerline Gitstatus +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Lava +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Loader Utils +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in the fetch() method in the BasicProfile class of org.ini4j through version v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ini4J Debian Linux
NVD GitHub
EPSS 4% CVSS 6.3
MEDIUM This Month

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Libreoffice +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. Rated high severity (CVSS 7.0).

Google Privilege Escalation Android +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Privilege Escalation +4
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. Rated medium severity (CVSS 5.6).

Information Disclosure Xen Fedora +1
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Code Injection Prototype Pollution Node.js +2
NVD GitHub
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability classified as problematic has been found in Linux Kernel. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel +2
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dhcp Debian Linux +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Dhcp +2
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Java Hypersql Database +1
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Denial Of Service Jackson Databind +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Denial Of Service Jackson Databind +3
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Race Condition Information Disclosure +2
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Linux Race Condition Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0614. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free +3
NVD GitHub VulDB
EPSS 49% CVSS 6.5
MEDIUM POC THREAT This Month

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service PHP Fedora +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

In GraphicsMagick, a heap buffer overflow was found when parsing MIFF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Graphicsmagick Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Twig is a template language for PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Twig Drupal +2
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Open Vswitch +1
NVD GitHub
Prev Page 17 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy