Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2022-3324 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-3303 MEDIUM POC This Month

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Linux Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-3201 MEDIUM This Month

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-21797 PyPI CRITICAL POC PATCH Act Now

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Joblib Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-40188 HIGH This Week

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Knot Resolver Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-35252 LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap Element Software Hci Management Node +9
NVD
CVSS 3.1
3.7
EPSS
1.8%
CVE-2022-40146 Maven HIGH PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2022-38648 Maven MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-38398 Maven MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2022-1941 PyPI HIGH PATCH This Week

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Protobuf Cpp Protobuf Python Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-3256 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0530. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-38178 HIGH PATCH This Week

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-38177 HIGH PATCH This Week

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-2795 MEDIUM PATCH This Month

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2022-41222 HIGH POC PATCH This Week

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. Rated high severity (CVSS 7.0). Public exploit code available.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +3
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2022-41218 MEDIUM POC This Month

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-32886 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-39958 HIGH PATCH This Week

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-39957 HIGH PATCH This Week

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-39956 CRITICAL PATCH Act Now

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-39955 CRITICAL PATCH Act Now

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-37032 CRITICAL POC PATCH Act Now

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Frrouting Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2022-28203 HIGH POC This Week

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-28201 MEDIUM POC PATCH This Month

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Mediawiki Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-3235 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0490. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-40768 MEDIUM PATCH This Month

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-3234 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-3176 HIGH PATCH This Week

There exists a use-after-free in io_uring in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Linux Use After Free Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-40150 Maven HIGH PATCH This Week

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jettison Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-40149 Maven HIGH PATCH This Week

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Jettison Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-38851 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38850 MEDIUM POC This Month

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38866 MEDIUM This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38865 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38864 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38863 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38861 MEDIUM POC This Month

The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38860 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38858 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-38855 MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder Mplayer Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-40674 HIGH PATCH This Week

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Libexpat Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2022-37797 HIGH POC This Week

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Lighttpd Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-38266 MEDIUM POC PATCH This Month

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tesseract Leptonica Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2022-3169 MEDIUM This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36280 MEDIUM This Month

An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-2905 MEDIUM POC This Month

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Authentication Bypass Buffer Overflow Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-40307 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.19.8. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-40023 PyPI HIGH POC PATCH This Week

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Mako Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-3134 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0389. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2735 HIGH PATCH This Week

A vulnerability was found in the PCS project. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Pcs Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-38751 Maven MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-38750 Maven MEDIUM POC PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-38749 Maven MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Snakeyaml Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2022-3008 HIGH POC PATCH This Week

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Tinygltf Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.8%
CVE-2022-39842 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.19. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Buffer Overflow Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-3099 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0360. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-39190 MEDIUM PATCH This Month

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-39188 MEDIUM PATCH This Month

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2022-39177 HIGH PATCH This Week

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Bluez Ubuntu Linux Debian Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-39176 HIGH PATCH This Week

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Bluez Ubuntu Linux Debian Linux
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2022-2663 MEDIUM POC This Month

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-3061 MEDIUM PATCH This Month

Found Linux Kernel flaw in the i740 driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2996 PyPI HIGH PATCH This Week

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Python Scciclient Debian Linux
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-3028 HIGH PATCH This Week

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. Rated high severity (CVSS 7.0).

Linux Buffer Overflow Linux Kernel Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-2521 MEDIUM POC This Month

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-2520 MEDIUM POC This Month

A flaw was found in libtiff 4.4.0rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-2519 MEDIUM POC This Month

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtiff Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-2153 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2132 HIGH POC This Week

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Data Plane Development Kit Fedora Debian Linux Enterprise Linux Fast Datapath +4
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2022-1355 MEDIUM POC PATCH This Month

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Stack Overflow Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-1354 MEDIUM POC PATCH This Month

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-1271 HIGH PATCH This Week

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gzip Jboss Data Grid Debian Linux Xz
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2022-39028 HIGH POC PATCH This Week

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Inetutils Kerberos 5 Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-25857 Maven HIGH POC PATCH This Week

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Snakeyaml Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-38784 HIGH POC PATCH This Week

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Poppler Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-2953 MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libtiff Ontap Select Deploy Administration Utility Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-1204 MEDIUM POC PATCH This Month

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1184 MEDIUM PATCH This Month

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0718 PyPI MEDIUM POC PATCH This Month

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Oslo Utils Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
4.9
EPSS
1.3%
CVE-2022-0367 HIGH POC PATCH This Week

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libmodbus Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-2787 MEDIUM PATCH This Month

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Schroot Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-0171 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Amd Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2255 PyPI HIGH POC PATCH This Week

A vulnerability was found in mod_wsgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mod Wsgi Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-0135 HIGH PATCH This Week

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption RCE Denial Of Service Buffer Overflow Virglrenderer +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-22728 HIGH This Week

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Buffer Overflow Libapreq2 Fedora +1
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-32893 HIGH KEV THREAT This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Buffer Overflow Safari +7
NVD
CVSS 3.1
8.8
EPSS
9.8%
CVE-2022-2978 HIGH This Week

A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-31676 HIGH PATCH This Week

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Tools Debian Linux Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2946 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0246. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free Vim Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2873 MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service Linux Kernel Fedora +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Vim +2
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Linux Denial Of Service Linux Kernel +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Joblib +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Knot Resolver Fedora +1
NVD
EPSS 2% CVSS 3.7
LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +11
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url.14. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol.14. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Apache Batik +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Protobuf Cpp +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0530. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Debian Linux +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bind Debian Linux +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux +1
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. Rated high severity (CVSS 7.0). Public exploit code available.

Memory Corruption Information Disclosure Linux +5
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Linux +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple +6
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora +1
NVD
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Debian Linux
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Mediawiki Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0490. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Vim +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

There exists a use-after-free in io_uring in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Linux +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jettison Debian Linux
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mencoder +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Debian Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mencoder +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Mplayer +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mplayer +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mencoder Mplayer +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mencoder +2
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Lighttpd +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tesseract Leptonica +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Linux Kernel +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Denial Of Service Buffer Overflow +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Authentication Bypass +4
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.19.8. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Mako Debian Linux
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0389. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in the PCS project. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Pcs Debian Linux
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +2
NVD
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Tinygltf Debian Linux
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.19. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Linux Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0360. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Rated medium severity (CVSS 4.7).

Linux Race Condition Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Bluez Ubuntu Linux +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Bluez Ubuntu Linux +1
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Authentication Bypass Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Found Linux Kernel flaw in the i740 driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +1
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Python Python Scciclient +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. Rated high severity (CVSS 7.0).

Linux Buffer Overflow Linux Kernel +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A flaw was found in libtiff 4.4.0rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libtiff Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtiff Debian Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service +4
NVD GitHub
EPSS 2% CVSS 8.6
HIGH POC This Week

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Data Plane Development Kit Fedora +6
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Stack Overflow Buffer Overflow +5
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow +5
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gzip Jboss Data Grid +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Inetutils +3
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Snakeyaml Debian Linux
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE Poppler +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libtiff +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +5
NVD
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

A flaw was found in python-oslo-utils. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Oslo Utils +3
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libmodbus Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Schroot Debian Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Amd +3
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability was found in mod_wsgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mod Wsgi Debian Linux
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption RCE Denial Of Service +4
NVD
EPSS 5% CVSS 7.5
HIGH This Week

A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Buffer Overflow +3
NVD
EPSS 10% CVSS 8.8
HIGH KEV THREAT This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple +9
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

VMware Privilege Escalation Tools +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0246. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Use After Free +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service +9
NVD
Prev Page 18 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy