Skip to main content

Debian Linux

7621 CVEs product

Monthly

CVE-2022-1720 HIGH POC PATCH This Week

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Debian Linux Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2022-2129 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-2126 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-2124 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Debian Linux Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-33981 LOW POC PATCH Monitor

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2022-31291 HIGH PATCH This Week

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Diagnostic Log And Trace Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31626 HIGH POC THREAT This Week

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Buffer Overflow Debian Linux
NVD
CVSS 3.1
8.8
EPSS
58.4%
CVE-2022-31625 HIGH POC This Week

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Denial Of Service PostgreSQL Debian Linux
NVD
CVSS 3.1
8.1
EPSS
3.4%
CVE-2022-21166 MEDIUM PATCH This Month

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
5.9%
CVE-2022-21127 MEDIUM PATCH This Month

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Sgx Dcap Sgx Psw +2
NVD
CVSS 3.1
5.5
EPSS
5.5%
CVE-2022-21125 MEDIUM PATCH This Month

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
6.5%
CVE-2022-21123 MEDIUM PATCH This Month

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen Fedora Sgx Dcap +4
NVD
CVSS 3.1
5.5
EPSS
6.3%
CVE-2022-32278 HIGH PATCH This Week

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exo Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2022-31043 PHP HIGH PATCH This Week

Guzzle is an open source PHP HTTP client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Drupal Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-31042 PHP HIGH PATCH This Week

Guzzle is an open source PHP HTTP client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Drupal Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-21499 MEDIUM PATCH This Month

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-26364 MEDIUM POC PATCH This Month

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2022-26363 MEDIUM PATCH This Month

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-26362 MEDIUM PATCH This Month

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. Rated medium severity (CVSS 6.4).

Race Condition Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2022-31214 HIGH PATCH This Week

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Firejail Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-31031 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-2000 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-31030 Go MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Containerd Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-32250 HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +7
NVD GitHub
CVSS 3.1
7.8
EPSS
2.9%
CVE-2022-31799 PyPI CRITICAL PATCH Act Now

Bottle before 0.12.20 mishandles errors during early request binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-27776 MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Hci Bootstrap Os +9
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-27775 HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Hci Bootstrap Os Clustered Data Ontap +9
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-26491 MEDIUM PATCH This Month

An issue was discovered in Pidgin before 2.14.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pidgin Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
2.4%
CVE-2022-1968 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-1789 MEDIUM This Month

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel Fedora Enterprise Linux +1
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1652 HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux Use After Free Denial Of Service +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1462 MEDIUM POC This Month

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Linux Buffer Overflow Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2022-1419 HIGH This Week

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31003 CRITICAL POC PATCH Act Now

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Heap Overflow Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2022-31001 HIGH POC PATCH This Week

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-31002 HIGH POC PATCH This Week

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-1942 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-1897 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-1898 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-26691 MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Apple Information Disclosure Cups Mac Os X macOS +2
NVD GitHub
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-27777 Ruby MEDIUM POC PATCH This Month

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Actionpack Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-22577 Ruby MEDIUM PATCH This Month

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Actionpack Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2022-21831 Ruby CRITICAL PATCH Act Now

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Code Injection Active Storage Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-30789 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30788 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30787 MEDIUM This Month

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-30786 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30785 MEDIUM This Month

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-30784 HIGH This Week

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30783 MEDIUM This Month

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-1664 CRITICAL PATCH Act Now

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Debian Path Traversal Dpkg Debian Linux Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-29248 PHP HIGH PATCH This Week

Guzzle is a PHP HTTP client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle Drupal Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2022-1851 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-29221 PHP HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection Smarty Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-29599 Maven CRITICAL PATCH Act Now

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Maven Shared Utils Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2022-1785 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1734 HIGH POC PATCH This Week

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware. Rated high severity (CVSS 7.0). Public exploit code available.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +9
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2022-30975 MEDIUM POC This Month

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mujs Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-30974 MEDIUM POC This Month

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mujs Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-30688 HIGH PATCH This Week

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Needrestart Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29581 HIGH POC PATCH This Week

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel Debian Linux Ubuntu Linux +8
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-1586 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Fedora Enterprise Linux +10
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-1679 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +9
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-21151 MEDIUM This Month

Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Celeron N6210 Firmware Celeron N4500 Firmware Celeron N4505 Firmware +395
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1650 npm CRITICAL POC PATCH Act Now

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Eventsource Debian Linux
NVD GitHub
CVSS 3.1
9.3
EPSS
1.8%
CVE-2022-29885 Maven HIGH POC PATCH THREAT This Week

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apache Tomcat Debian Linux Hospitality Cruise Shipboard Property Management System
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
73.1%
CVE-2022-30594 HIGH POC PATCH This Week

The Linux kernel before 5.17.2 mishandles seccomp permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel Debian Linux Solidfire Enterprise Sds Hci Storage Node +10
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-1623 MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Fedora Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-1621 HIGH POC PATCH This Week

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-28739 HIGH This Week

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ruby Debian Linux macOS
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2022-27114 MEDIUM POC PATCH This Month

There is a vulnerability in htmldoc 1.9.16. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Htmldoc Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-30333 HIGH POC KEV PATCH THREAT Act Now

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Path Traversal Unrar Debian Linux
NVD
CVSS 3.1
7.5
EPSS
99.0%
CVE-2022-28463 HIGH POC PATCH This Week

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-1619 HIGH POC PATCH This Week

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2022-1616 HIGH POC PATCH This Week

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
2.6%
CVE-2022-30293 HIGH POC PATCH This Week

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Buffer Overflow Apple Webkitgtk Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-24903 HIGH PATCH This Week

Rsyslog is a rocket-fast system for log processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Rsyslog Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
3.8%
CVE-2022-24884 HIGH PATCH This Week

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Ecdsautils Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-27337 MEDIUM POC This Month

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-29501 HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-29500 HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-1516 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29155 CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux H300s Firmware H500s Firmware +4
NVD
CVSS 3.1
9.8
EPSS
69.9%
CVE-2022-20796 MEDIUM This Month

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-20785 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2022-20771 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2022-20770 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2022-1292 HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway Debian Linux Active Iq Unified Manager +31
NVD
CVSS 3.1
7.3
EPSS
83.2%
CVE-2022-29824 MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 Libxslt Fedora +16
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2022-29970 Ruby HIGH PATCH This Week

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinatra Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Debian Linux +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Debian Linux +2
NVD GitHub
EPSS 1% CVSS 3.3
LOW POC PATCH Monitor

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Diagnostic Log And Trace Debian Linux
NVD GitHub
EPSS 58% CVSS 8.8
HIGH POC THREAT This Week

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Buffer Overflow +1
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Denial Of Service PostgreSQL +1
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen +6
NVD
EPSS 5% CVSS 5.5
MEDIUM PATCH This Month

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen +4
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen +6
NVD
EPSS 6% CVSS 5.5
MEDIUM PATCH This Month

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Information Disclosure Xen +6
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Exo Debian Linux
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Guzzle is an open source PHP HTTP client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Guzzle is an open source PHP HTTP client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle +2
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux +1
NVD
EPSS 0% CVSS 6.7
MEDIUM POC PATCH This Month

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Fedora +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Xen Fedora +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. Rated medium severity (CVSS 6.4).

Race Condition Information Disclosure Xen +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Firejail Fedora +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Pjsip Debian Linux
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Kubernetes Containerd +2
NVD GitHub
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free +9
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Bottle before 0.12.20 mishandles errors during early request binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +11
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +11
NVD VulDB
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

An issue was discovered in Pidgin before 2.14.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pidgin Debian Linux
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free +3
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux +10
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Linux Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Information Disclosure +2
NVD
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Heap Overflow +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Sofia Sip +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Sofia Sip +1
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Apple Information Disclosure Cups +4
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Actionpack Debian Linux
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Actionpack Debian Linux
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Code Injection Active Storage +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Fedora +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ntfs 3G Debian Linux +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Fedora +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Debian Path Traversal Dpkg +2
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Guzzle is a PHP HTTP client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Guzzle +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim +3
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection +3
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Code Injection Maven Shared Utils +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim +1
NVD GitHub
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware. Rated high severity (CVSS 7.0). Public exploit code available.

Denial Of Service Memory Corruption Use After Free +11
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mujs +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mujs Debian Linux +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Python Needrestart +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Linux Linux Kernel +10
NVD
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +12
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Celeron N6210 Firmware +397
NVD
EPSS 2% CVSS 9.3
CRITICAL POC PATCH Act Now

Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Eventsource Debian Linux
NVD GitHub
EPSS 73% CVSS 7.5
HIGH POC PATCH THREAT This Week

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Apache Tomcat +2
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The Linux kernel before 5.17.2 mishandles seccomp permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Linux Linux Kernel +12
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff +3
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +3
NVD GitHub
EPSS 4% CVSS 7.5
HIGH This Week

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ruby +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

There is a vulnerability in htmldoc 1.9.16. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Htmldoc +1
NVD GitHub
EPSS 99% CVSS 7.5
HIGH POC KEV PATCH THREAT Act Now

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Path Traversal Unrar +1
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Imagemagick Debian Linux
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +5
NVD GitHub
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Buffer Overflow Apple +2
NVD GitHub
EPSS 4% CVSS 8.1
HIGH PATCH This Week

Rsyslog is a rocket-fast system for log processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Rsyslog +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Ecdsautils +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler Fedora +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Slurm Fedora +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Slurm Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +3
NVD
EPSS 70% CVSS 9.8
CRITICAL POC THREAT Act Now

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Openldap Debian Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 7% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 5% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 7% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 83% CVSS 7.3
HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway +33
NVD
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 +18
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sinatra Debian Linux
NVD GitHub
Prev Page 20 of 85 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy