Skip to main content

Enterprise Linux

1150 CVEs product

Monthly

CVE-2023-32573 MEDIUM PATCH This Month

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2156 HIGH This Week

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux Fedora +1
NVD
CVSS 3.1
7.5
EPSS
6.1%
CVE-2023-2513 MEDIUM PATCH This Month

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32233 HIGH POC PATCH THREAT This Week

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +2
NVD GitHub
CVSS 3.1
7.8
EPSS
13.0%
CVE-2023-30549 Go HIGH PATCH This Week

Apptainer is an open source container platform for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Ubuntu Use After Free Privilege Escalation Linux +6
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-2019 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-2194 MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow RCE Linux Linux Kernel +2
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28328 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28327 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1652 HIGH PATCH This Week

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Linux Linux Kernel +1
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2023-0664 HIGH PATCH This Week

A flaw was found in the QEMU Guest Agent service for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0179 HIGH POC This Week

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Integer Overflow RCE +13
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2023-1380 HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Broadcom Information Disclosure +9
NVD
CVSS 3.1
7.1
EPSS
16.6%
CVE-2023-1073 MEDIUM PATCH This Month

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2023-0778 Go MEDIUM PATCH This Month

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Podman Enterprise Linux
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-0494 HIGH PATCH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption X Server Fedora +16
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-1513 LOW PATCH Monitor

A flaw was found in KVM. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-27561 Go HIGH POC PATCH This Week

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Runc Openshift Container Platform Enterprise Linux Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-1095 MEDIUM PATCH This Month

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0361 HIGH POC PATCH This Week

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gnutls Enterprise Linux Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.4
EPSS
1.4%
CVE-2022-3775 HIGH This Week

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE Grub2 Enterprise Linux
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-4283 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-4144 MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Qemu Extra Packages For Enterprise Linux +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-3500 PyPI MEDIUM PATCH This Month

A vulnerability was found in keylime. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Information Disclosure Keylime Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.1
EPSS
0.2%
CVE-2022-3821 MEDIUM POC PATCH This Month

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2963 HIGH POC PATCH This Week

A vulnerability found in jasper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jasper Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-2850 MEDIUM POC This Month

A flaw was found In 389-ds-base. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Directory Server Enterprise Linux Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-2990 Go HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buildah Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-2989 Go HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podman Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2022-2964 HIGH PATCH This Week

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Enterprise Linux H300s Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2905 MEDIUM POC This Month

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Authentication Bypass Buffer Overflow Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-25310 MEDIUM POC PATCH This Month

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Fribidi Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-25309 MEDIUM POC PATCH This Month

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Denial Of Service Buffer Overflow Fribidi Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-25308 HIGH POC This Week

A stack-based buffer overflow flaw was found in the Fribidi package. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow Fribidi Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2639 HIGH POC PATCH This Week

An integer coercion error was found in the openvswitch kernel module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-2153 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2132 HIGH POC This Week

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Data Plane Development Kit Fedora Debian Linux Enterprise Linux Fast Datapath +4
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2022-1355 MEDIUM POC PATCH This Month

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Stack Overflow Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-1354 MEDIUM POC PATCH This Month

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Libtiff Fedora +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2022-1263 MEDIUM POC PATCH This Month

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1247 HIGH POC This Week

An issue found in linux-kernel that leads to a race condition in rose_connect(). Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Race Condition Information Disclosure Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-1199 HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-1198 MEDIUM POC PATCH This Month

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-1184 MEDIUM PATCH This Month

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-1016 MEDIUM POC This Month

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0934 HIGH PATCH This Week

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Dnsmasq Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-0852 MEDIUM POC PATCH This Month

There is a flaw in convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Red Hat Convert2Rhel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0851 MEDIUM POC This Month

There is a flaw in convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Convert2Rhel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0485 MEDIUM POC PATCH This Month

A flaw was found in the copying tool `nbdcopy` of libnbd. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libnbd Enterprise Linux
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2022-0480 MEDIUM PATCH This Month

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0358 HIGH PATCH This Week

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Qemu Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-34303 MEDIUM This Month

A flaw was found in Eurosoft bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Uefi Bootloader Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2022-34302 MEDIUM This Month

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Uefi Bootloader Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2022-34301 MEDIUM This Month

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cryptopro Securedisk For Bitlocker Enterprise Linux Windows 10 Windows 11 +6
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2022-0175 MEDIUM PATCH This Month

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Virglrenderer Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0171 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Amd Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0168 MEDIUM PATCH This Month

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Enterprise Linux
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2022-0135 HIGH PATCH This Week

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption RCE Denial Of Service Buffer Overflow Virglrenderer +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-2938 HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service Use After Free Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-2873 MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service Linux Kernel Fedora +7
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-2625 HIGH This Week

A vulnerability was found in PostgreSQL. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL Fedora Enterprise Linux
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2022-1158 HIGH POC This Week

A flaw was found in KVM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Linux Kernel Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-2509 HIGH This Week

A vulnerability found in gnutls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-35653 PHP MEDIUM POC PATCH This Month

A reflected XSS issue was identified in the LTI module of Moodle. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Fedora Enterprise Linux
NVD
CVSS 3.1
6.1
EPSS
3.7%
CVE-2022-35651 PHP MEDIUM PATCH This Month

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

SSRF XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-2393 MEDIUM This Month

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Pki Core Certificate System Enterprise Linux
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2022-2211 MEDIUM This Month

A vulnerability was found in libguestfs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libguestfs Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-2078 MEDIUM PATCH This Month

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Stack Overflow Linux Buffer Overflow Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2022-1852 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Linux Null Pointer Dereference Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-0987 LOW Monitor

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Packagekit Enterprise Linux
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-1665 HIGH This Week

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat IBM Linux Enterprise Linux
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2022-32547 HIGH PATCH This Week

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-32546 HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-32545 HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-1998 HIGH PATCH This Week

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Use After Free Linux Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-1708 Go HIGH POC PATCH This Week

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cri O Fedora Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-1949 HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server Directory Server Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1789 MEDIUM This Month

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel Fedora Enterprise Linux +1
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1652 HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux Use After Free Denial Of Service +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-1462 MEDIUM POC This Month

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Linux Buffer Overflow Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2022-30600 PHP CRITICAL PATCH Act Now

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2022-30599 PHP CRITICAL PATCH Act Now

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30598 PHP MEDIUM PATCH This Month

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-30597 PHP MEDIUM PATCH This Month

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-30596 PHP MEDIUM PATCH This Month

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1706 Go MEDIUM PATCH This Month

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

VMware Authentication Bypass Ignition Openshift Container Platform Enterprise Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-1587 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Enterprise Linux Fedora +9
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2022-1586 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Fedora Enterprise Linux +10
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-0984 PHP MEDIUM PATCH This Month

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1353 HIGH PATCH This Week

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Debian Linux Enterprise Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Enterprise Linux
NVD
EPSS 6% CVSS 7.5
HIGH This Week

A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +3
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +3
NVD GitHub
EPSS 13% CVSS 7.8
HIGH POC PATCH THREAT This Week

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Linux +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Apptainer is an open source container platform for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Ubuntu Use After Free +8
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow RCE +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the QEMU Guest Agent service for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Qemu +2
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux +15
NVD
EPSS 17% CVSS 7.1
HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux +11
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Podman Enterprise Linux
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +18
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A flaw was found in KVM. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Fedora +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Runc Openshift Container Platform +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Kernel +1
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Gnutls Enterprise Linux +5
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

When rendering certain unicode sequences, grub2's font code doesn't proper validate if the informed glyph's width and height is constrained within bitmap size. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption RCE +2
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption +4
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow +4
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

A vulnerability was found in keylime. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Information Disclosure Keylime Enterprise Linux +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Enterprise Linux +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability found in jasper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jasper Fedora +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A flaw was found In 389-ds-base. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Directory Server +4
NVD
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buildah Openshift Container Platform +1
NVD
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Podman Openshift Container Platform +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel +6
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Authentication Bypass +4
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Fribidi +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Denial Of Service Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

A stack-based buffer overflow flaw was found in the Fribidi package. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stack Overflow Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An integer coercion error was found in the openvswitch kernel module. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Kernel Enterprise Linux
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Null Pointer Dereference Denial Of Service +4
NVD GitHub
EPSS 2% CVSS 8.6
HIGH POC This Week

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Data Plane Development Kit Fedora +6
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Stack Overflow Buffer Overflow +5
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow +5
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH POC This Week

An issue found in linux-kernel that leads to a race condition in rose_connect(). Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Linux Race Condition Information Disclosure +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the Linux kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +9
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Linux Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +5
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Linux +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

There is a flaw in convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Red Hat Convert2Rhel +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

There is a flaw in convert2rhel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Convert2Rhel Enterprise Linux
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

A flaw was found in the copying tool `nbdcopy` of libnbd. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libnbd Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Qemu Enterprise Linux
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A flaw was found in Eurosoft bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Uefi Bootloader Enterprise Linux +8
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Uefi Bootloader Enterprise Linux +8
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Cryptopro Securedisk For Bitlocker Enterprise Linux +8
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Virglrenderer Enterprise Linux
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Amd +3
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Null Pointer Dereference Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption RCE Denial Of Service +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in the Linux kernel's implementation of Pressure Stall Information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Denial Of Service +9
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Intel Denial Of Service +9
NVD
EPSS 2% CVSS 8.0
HIGH This Week

A vulnerability was found in PostgreSQL. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL Fedora +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A flaw was found in KVM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability found in gnutls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnutls Enterprise Linux +2
NVD
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

A reflected XSS issue was identified in the LTI module of Moodle. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Fedora +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

SSRF XSS Moodle +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Pki Core Certificate System +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was found in libguestfs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Libguestfs +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Stack Overflow Linux +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Linux +3
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Packagekit Enterprise Linux
NVD
EPSS 0% CVSS 8.2
HIGH This Week

A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Red Hat IBM +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Fedora +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Imagemagick +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Use After Free +9
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cri O Fedora +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Linux +10
NVD
EPSS 0% CVSS 6.3
MEDIUM POC This Month

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Linux Buffer Overflow +3
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

VMware Authentication Bypass Ignition +3
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +11
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +12
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +10
NVD GitHub
Prev Page 4 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy