Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2022-26373 MEDIUM This Month

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Debian Linux Core I5 9400F Firmware Xeon D 1649N Firmware Xeon D 1633N Firmware Xeon D 1637 Firmware +489
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2869 MEDIUM PATCH This Month

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2868 MEDIUM PATCH This Month

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2867 MEDIUM PATCH This Month

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-20369 MEDIUM PATCH This Month

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation Buffer Overflow Android +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-31780 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-31779 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-31778 HIGH This Week

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.0.0 to 9.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-28129 HIGH This Week

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25763 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Traffic Server Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-37452 CRITICAL POC PATCH Act Now

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Exim Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-37434 CRITICAL POC PATCH THREAT Act Now

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Zlib Fedora Debian Linux +14
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
16.0%
CVE-2022-31197 Maven HIGH POC PATCH This Week

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PostgreSQL SQLi Java Postgresql Jdbc Driver Debian Linux +1
NVD GitHub
CVSS 3.1
8.0
EPSS
1.7%
CVE-2022-36359 PyPI HIGH PATCH This Week

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Django Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-32293 HIGH PATCH This Week

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Connman Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-32292 CRITICAL PATCH Act Now

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Connman Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2022-2598 MEDIUM POC PATCH This Month

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-2509 HIGH This Week

A vulnerability found in gnutls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-34526 MEDIUM POC This Month

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2022-30287 HIGH POC THREAT This Week

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Groupware Debian Linux
NVD
CVSS 3.1
8.0
EPSS
70.5%
CVE-2022-2553 MEDIUM PATCH This Month

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Booth Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-36946 HIGH PATCH This Week

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux Active Iq Unified Manager +4
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2022-36879 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux A700S Firmware +21
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-33745 HIGH PATCH This Week

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-26307 HIGH This Week

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-26306 HIGH This Week

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-31163 Ruby HIGH POC PATCH This Week

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Tzinfo Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
1.8%
CVE-2022-31160 LIB MEDIUM POC PATCH This Month

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui H300s Firmware H500s Firmware H700s Firmware +6
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2022-21549 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Oracle Java Graalvm Jdk +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-21540 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Oracle Authentication Bypass Java Use After Free +15
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-2122 HIGH POC This Week

A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service or potentially execute arbitrary code through heap memory corruption. The vulnerability affects GStreamer versions prior to the patched releases and requires user interaction to process a malicious media file. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation probability at 0.06%.

Buffer Overflow Gstreamer Debian Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-1925 HIGH POC This Week

A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska_decompress_data function when processing MKV files with HEADERSTRIP decompression. While the matroskaparse element lacks proper size checks making it vulnerable, the more commonly used matroskademux element has restrictions that prevent exploitation. A proof-of-concept exploit is publicly available, though the EPSS score indicates a relatively low (4%) probability of real-world exploitation.

Buffer Overflow Gstreamer Debian Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-1924 HIGH POC This Week

A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denial of service or potentially enable heap memory corruption when processing specially crafted MKV files with LZO compression. The vulnerability affects GStreamer versions prior to the patched releases and has been assigned a high CVSS score of 7.8, with proof-of-concept code publicly available. While the EPSS score indicates relatively low exploitation probability at 0.06%, the availability of public exploit code and the widespread use of GStreamer in multimedia applications makes this a significant concern for affected systems.

Buffer Overflow Gstreamer Debian Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-1923 HIGH POC This Week

An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation faults or potentially allow heap memory corruption when processing malformed MKV files with bzip compression. The vulnerability affects GStreamer versions prior to patches released in 2022, with proof-of-concept exploits publicly available and an EPSS score of 0.04% indicating low but non-zero exploitation probability. While not currently in CISA's KEV catalog, the vulnerability requires only local access with user interaction to exploit, achieving high impact across confidentiality, integrity, and availability.

Buffer Overflow Debian Linux Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2022-1922 HIGH POC This Week

An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory corruption when processing specially crafted MKV files with zlib-compressed data. The vulnerability affects GStreamer versions prior to the patched releases and requires local access with user interaction to exploit. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation likelihood at 0.06%.

Buffer Overflow Gstreamer Debian Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-1921 HIGH POC This Week

An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when parsing malicious AVI files, potentially leading to arbitrary code execution. The vulnerability affects GStreamer on Debian Linux systems and requires user interaction to exploit (opening a malicious file). A public proof-of-concept exploit is available, though real-world exploitation remains low with an EPSS score of 0.06%.

RCE Debian Linux Gstreamer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-1920 HIGH POC This Week

An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption when parsing specially crafted Matroska video files. The vulnerability affects GStreamer versions across multiple Linux distributions and can lead to arbitrary code execution through heap overwrite, requiring only local access and user interaction to open a malicious file. A public proof-of-concept exploit is available, though real-world exploitation remains relatively low with an EPSS score of 0.07%.

RCE Gstreamer Debian Linux
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-34169 Maven HIGH POC PATCH THREAT Act Now

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Apache RCE Java Xalan Java Debian Linux +14
NVD VulDB
CVSS 3.1
7.5
EPSS
11.0%
CVE-2022-30550 HIGH PATCH This Week

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Privilege Escalation Authentication Bypass Dovecot Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-35409 CRITICAL POC Act Now

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mbed Tls Debian Linux
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
2.0%
CVE-2022-23825 MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Fedora Athlon X4 750 Firmware +123
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-32215 MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling Llhttp Node Js +4
NVD
CVSS 3.1
6.5
EPSS
68.8%
CVE-2022-32214 npm MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling Llhttp Node Js +2
NVD
CVSS 3.1
6.5
EPSS
81.5%
CVE-2022-32213 npm MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling Llhttp Node Js +4
NVD
CVSS 3.1
6.5
EPSS
42.0%
CVE-2022-32212 HIGH This Week

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Command Injection Node.js Node Js Debian Linux +2
NVD
CVSS 3.1
8.1
EPSS
5.9%
CVE-2022-29187 HIGH This Week

Git is a distributed revision control system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Git Fedora Xcode +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29901 MEDIUM This Month

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Intel Information Disclosure Core I7 6500U Firmware Core I7 6510U Firmware +127
NVD
CVSS 3.1
6.5
EPSS
4.9%
CVE-2022-29900 MEDIUM This Month

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Debian Linux Fedora Xen Athlon X4 750 Firmware +122
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2022-35414 HIGH POC PATCH This Week

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-35410 PyPI HIGH POC PATCH This Week

mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mat2 Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-2048 Maven HIGH PATCH This Week

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Debian Linux Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +4
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2022-2047 Maven LOW PATCH Monitor

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Jetty Debian Linux Element Plug In For Vcenter Server Management Services For Element Software And Netapp Hci +3
NVD GitHub
CVSS 3.1
2.7
EPSS
1.2%
CVE-2022-32208 MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
5.9
EPSS
6.8%
CVE-2022-32207 CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-32206 MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2022-32205 MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
4.3
EPSS
26.9%
CVE-2022-2318 MEDIUM PATCH This Month

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +6
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-31129 LIB HIGH POC PATCH This Week

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Moment Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
4.9%
CVE-2022-33980 Maven CRITICAL PATCH Act Now

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Commons Configuration Snapcenter Debian Linux
NVD
CVSS 3.1
9.8
EPSS
42.6%
CVE-2022-33744 MEDIUM PATCH This Month

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2022-33743 HIGH PATCH This Week

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Xen Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-33742 HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fedora Debian Linux Linux Kernel Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-33741 HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fedora Debian Linux Linux Kernel Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-33740 HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Fedora Debian Linux Linux Kernel Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-2304 HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-26365 HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Kernel Xen Debian Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-2097 Cargo MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora Active Iq Unified Manager Clustered Data Ontap Antivirus Connector +7
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2022-34918 HIGH POC PATCH Act Now

An issue was discovered in the Linux kernel through 5.18.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +6
NVD
CVSS 3.1
7.8
EPSS
5.5%
CVE-2022-2285 HIGH POC PATCH This Week

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-34903 MEDIUM POC PATCH This Month

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Gnupg Fedora Debian Linux Active Iq Unified Manager +1
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2022-32091 HIGH POC This Week

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure MariaDB Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2022-32088 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32087 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-32085 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-32084 HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-32083 HIGH POC This Week

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-2058 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-2057 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-2056 MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-2078 MEDIUM PATCH This Month

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Stack Overflow Linux Buffer Overflow Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-31091 PHP HIGH PATCH This Week

Guzzle, an extensible PHP HTTP client. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Debian Linux
NVD GitHub
CVSS 3.1
7.7
EPSS
1.4%
CVE-2022-31090 PHP HIGH PATCH This Week

Guzzle, an extensible PHP HTTP client. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Debian Linux
NVD GitHub
CVSS 3.1
7.7
EPSS
1.8%
CVE-2022-31088 MEDIUM PATCH This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-31087 HIGH PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

PHP RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31086 HIGH PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-31085 MEDIUM PATCH This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP OpenSSL Information Disclosure Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-31084 HIGH POC PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Ldap Account Manager Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.3%
CVE-2022-31081 MEDIUM POC PATCH This Month

HTTP::Daemon is a simple http server class written in perl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apache Nginx Request Smuggling Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2022-32209 Ruby MEDIUM POC PATCH THREAT This Month

# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Fedora Debian Linux
NVD
CVSS 3.1
6.1
EPSS
29.3%
CVE-2022-2068 HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux Fedora Sinec Ins +24
NVD
CVSS 3.1
7.3
EPSS
96.3%
EPSS 0% CVSS 5.5
MEDIUM This Month

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Debian Linux Core I5 9400F Firmware Xeon D 1649N Firmware +491
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Libtiff Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Google Privilege Escalation +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.0.0 to 9.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling +3
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Exim +1
NVD GitHub
EPSS 16% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Zlib +16
NVD GitHub VulDB
EPSS 2% CVSS 8.0
HIGH POC PATCH This Week

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PostgreSQL SQLi Java +3
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Django +1
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Connman +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability found in gnutls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls Enterprise Linux +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow +5
NVD
EPSS 70% CVSS 8.0
HIGH POC THREAT This Week

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization PHP Groupware +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Booth Debian Linux +1
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.18.14. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +23
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
EPSS 1% CVSS 7.5
HIGH This Week

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Debian Linux
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Path Traversal Tzinfo Debian Linux
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui H300s Firmware +8
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Oracle Java +14
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Oracle Authentication Bypass +17
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

A critical integer overflow vulnerability in GStreamer's qtdemux element allows attackers to trigger denial of service or potentially execute arbitrary code through heap memory corruption. The vulnerability affects GStreamer versions prior to the patched releases and requires user interaction to process a malicious media file. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation probability at 0.06%.

Buffer Overflow Gstreamer Debian Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

A heap overflow vulnerability exists in GStreamer's matroskaparse element due to an integer overflow in the gst_matroska_decompress_data function when processing MKV files with HEADERSTRIP decompression. While the matroskaparse element lacks proper size checks making it vulnerable, the more commonly used matroskademux element has restrictions that prevent exploitation. A proof-of-concept exploit is publicly available, though the EPSS score indicates a relatively low (4%) probability of real-world exploitation.

Buffer Overflow Gstreamer Debian Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

A critical integer overflow vulnerability in the GStreamer multimedia framework's Matroska (MKV) demuxer can cause denial of service or potentially enable heap memory corruption when processing specially crafted MKV files with LZO compression. The vulnerability affects GStreamer versions prior to the patched releases and has been assigned a high CVSS score of 7.8, with proof-of-concept code publicly available. While the EPSS score indicates relatively low exploitation probability at 0.06%, the availability of public exploit code and the widespread use of GStreamer in multimedia applications makes this a significant concern for affected systems.

Buffer Overflow Gstreamer Debian Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

An integer overflow vulnerability in GStreamer's matroska demuxer can cause denial of service through segmentation faults or potentially allow heap memory corruption when processing malformed MKV files with bzip compression. The vulnerability affects GStreamer versions prior to patches released in 2022, with proof-of-concept exploits publicly available and an EPSS score of 0.04% indicating low but non-zero exploitation probability. While not currently in CISA's KEV catalog, the vulnerability requires only local access with user interaction to exploit, achieving high impact across confidentiality, integrity, and availability.

Buffer Overflow Debian Linux Gstreamer
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

An integer overflow vulnerability in GStreamer's Matroska demuxer can cause denial of service or potentially heap memory corruption when processing specially crafted MKV files with zlib-compressed data. The vulnerability affects GStreamer versions prior to the patched releases and requires local access with user interaction to exploit. A public proof-of-concept exploit is available, though the EPSS score indicates relatively low real-world exploitation likelihood at 0.06%.

Buffer Overflow Gstreamer Debian Linux
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

An integer overflow vulnerability in GStreamer's AVI demux element allows attackers to trigger a heap overwrite when parsing malicious AVI files, potentially leading to arbitrary code execution. The vulnerability affects GStreamer on Debian Linux systems and requires user interaction to exploit (opening a malicious file). A public proof-of-concept exploit is available, though real-world exploitation remains low with an EPSS score of 0.06%.

RCE Debian Linux Gstreamer
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

An integer overflow vulnerability in the GStreamer multimedia framework's matroska demuxer allows heap memory corruption when parsing specially crafted Matroska video files. The vulnerability affects GStreamer versions across multiple Linux distributions and can lead to arbitrary code execution through heap overwrite, requiring only local access and user interaction to open a malicious file. A public proof-of-concept exploit is available, though real-world exploitation remains relatively low with an EPSS score of 0.07%.

RCE Gstreamer Debian Linux
NVD VulDB
EPSS 11% CVSS 7.5
HIGH POC PATCH THREAT Act Now

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Apache RCE Java +16
NVD VulDB
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Privilege Escalation Authentication Bypass Dovecot +1
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mbed Tls +1
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux +125
NVD
EPSS 69% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling +6
NVD
EPSS 81% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling +4
NVD
EPSS 42% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Request Smuggling +6
NVD
EPSS 6% CVSS 8.1
HIGH This Week

A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Command Injection Node.js +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Git is a distributed revision control system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Git +3
NVD GitHub
EPSS 5% CVSS 6.5
MEDIUM This Month

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Intel Information Disclosure +129
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Debian Linux Fedora +124
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Qemu Debian Linux
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mat2 Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jetty Debian Linux +6
NVD GitHub
EPSS 1% CVSS 2.7
LOW PATCH Monitor

In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Jetty Debian Linux +5
NVD GitHub
EPSS 7% CVSS 5.9
MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora +12
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +12
NVD
EPSS 32% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 27% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +8
NVD GitHub
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Moment Fedora +1
NVD GitHub
EPSS 43% CVSS 9.8
CRITICAL PATCH Act Now

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Commons Configuration +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Rated medium severity (CVSS 4.7).

Denial Of Service Linux Kernel Debian Linux
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Xen +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fedora Debian Linux +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fedora Debian Linux +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Fedora Debian Linux +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Vim +2
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Linux Kernel Xen +2
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Fedora +9
NVD
EPSS 5% CVSS 7.8
HIGH POC PATCH Act Now

An issue was discovered in the Linux kernel through 5.18.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Buffer Overflow +8
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Vim +2
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC PATCH This Month

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Gnupg Fedora +3
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure +3
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MariaDB Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libtiff Active Iq Unified Manager +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Stack Overflow Linux +5
NVD
EPSS 1% CVSS 7.7
HIGH PATCH This Week

Guzzle, an extensible PHP HTTP client. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle +1
NVD GitHub
EPSS 2% CVSS 7.7
HIGH PATCH This Week

Guzzle, an extensible PHP HTTP client. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ldap Account Manager Debian Linux
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

PHP RCE Ldap Account Manager +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP RCE Ldap Account Manager +1
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP OpenSSL Information Disclosure +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Ldap Account Manager Debian Linux
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

HTTP::Daemon is a simple http server class written in perl. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apache Nginx +2
NVD GitHub
EPSS 29% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rails Html Sanitizers Fedora +1
NVD
EPSS 96% CVSS 7.3
HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux +26
NVD
Prev Page 19 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy