Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2026-35094 LOW Monitor

Libinput versions prior to 1.26.0 contain a dangling pointer vulnerability in Lua plugin garbage collection that allows local authenticated attackers to read sensitive data from system logs, requiring the ability to deploy malicious Lua plugin files to system directories and Lua plugin support to be enabled in the compositor. The vulnerability has a CVSS score of 3.3 (low severity) with confirmed patch availability, and poses minimal real-world risk due to high prerequisites including local file write access and plugin enablement.

Information Disclosure Libinput Fedora
NVD VulDB
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-35093 HIGH PATCH This Week

Local privilege escalation in libinput allows authenticated users to execute arbitrary code within graphical compositor contexts by placing malicious Lua bytecode in system or user configuration directories. The vulnerability achieves scope change (CVSS:S:C) with high impact across confidentiality, integrity, and availability (8.8 CVSS), enabling attackers to monitor keyboard input including passwords and sensitive data. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

RCE Code Injection Libinput Fedora
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2024-3056 Go HIGH This Week

A flaw was found in Podman. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Podman Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2024-6293 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6292 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-6290 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-38277 PHP MEDIUM PATCH This Month

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-38276 PHP HIGH PATCH This Week

Incorrect CSRF token checks resulted in multiple CSRF risks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Fedora Moodle
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-38274 PHP MEDIUM PATCH This Month

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle Fedora
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38273 PHP MEDIUM PATCH This Month

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-5847 HIGH This Week

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5845 HIGH This Week

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5844 HIGH This Week

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5843 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5842 HIGH This Week

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5841 HIGH This Week

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5840 MEDIUM This Month

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-5839 MEDIUM This Month

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-5838 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5837 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5835 HIGH This Week

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5834 HIGH This Week

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5833 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5832 HIGH This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5831 HIGH This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-5830 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-4577 CRITICAL POC KEV THREAT Emergency

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection PHP Microsoft Fedora
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2024-2408 MEDIUM POC This Month

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure OpenSSL Microsoft Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2024-5585 HIGH POC THREAT This Week

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Microsoft Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
28.8%
CVE-2024-5458 MEDIUM POC THREAT This Month

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
12.1%
CVE-2024-5499 HIGH POC This Week

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google RCE Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-5498 HIGH POC This Week

Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-5497 HIGH POC This Week

Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5495 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5494 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5493 HIGH POC This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-35949 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Canonical Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35947 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-36048 CRITICAL PATCH Act Now

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Fedora
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-31142 HIGH PATCH This Week

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Buffer Overflow Xen Fedora
NVD
CVSS 3.1
7.5
EPSS
17.4%
CVE-2024-4950 MEDIUM POC This Month

Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-4949 MEDIUM POC This Month

Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-4948 MEDIUM POC This Month

Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-4947 CRITICAL POC KEV THREAT Act Now

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
9.6
EPSS
15.1%
CVE-2024-27834 MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari Ipados Iphone Os +6
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27401 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-27400 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27399 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-27398 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Memory Corruption Fedora +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-4559 MEDIUM POC This Month

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-34397 MEDIUM POC This Month

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Glib Debian Linux Fedora Ontap Tools
NVD
CVSS 3.1
5.2
EPSS
0.2%
CVE-2024-34069 PyPI HIGH POC PATCH Act Now

Werkzeug is a comprehensive WSGI web application library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Werkzeug Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2024-34064 PyPI MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jinja Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2024-34507 HIGH POC This Week

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki Fedora
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2024-34506 HIGH POC This Week

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-34502 CRITICAL PATCH Act Now

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mediawiki Fedora
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-34500 PHP MEDIUM PATCH This Month

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-4216 PyPI MEDIUM POC PATCH This Month

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2024-4215 PyPI HIGH PATCH This Week

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-4368 HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-4060 MEDIUM POC This Month

Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2024-4059 MEDIUM POC This Month

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-27021 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27019 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-27018 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27017 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-27016 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27015 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27014 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-27013 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27012 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel Fedora
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-27008 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-27004 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-27001 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-27000 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uart_handle_cts_change() function in serial_core expects the caller. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26994 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word (> 256 characters),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-26988 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-26987 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled When I did hard offline test with hugetlb pages, below. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-26986 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handling code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-25569 MEDIUM POC This Month

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Grassroots Dicom Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-22391 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Grassroots Dicom Fedora
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-22373 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Grassroots Dicom Fedora
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-32662 CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-32661 HIGH PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Freerdp Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-32660 HIGH PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Freerdp Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2024-32659 CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-32658 CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2024-26922 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-32460 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2024-32459 CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
3.8%
EPSS 0% CVSS 3.3
LOW Monitor

Libinput versions prior to 1.26.0 contain a dangling pointer vulnerability in Lua plugin garbage collection that allows local authenticated attackers to read sensitive data from system logs, requiring the ability to deploy malicious Lua plugin files to system directories and Lua plugin support to be enabled in the compositor. The vulnerability has a CVSS score of 3.3 (low severity) with confirmed patch availability, and poses minimal real-world risk due to high prerequisites including local file write access and plugin enablement.

Information Disclosure Libinput Fedora
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in libinput allows authenticated users to execute arbitrary code within graphical compositor contexts by placing malicious Lua bytecode in system or user configuration directories. The vulnerability achieves scope change (CVSS:S:C) with high impact across confidentiality, integrity, and availability (8.8 CVSS), enabling attackers to monitor keyboard input including passwords and sensitive data. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed vulnerability.

RCE Code Injection Libinput +1
NVD VulDB
EPSS 1% CVSS 7.7
HIGH This Week

A flaw was found in Podman. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Podman Openshift Container Platform +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Moodle Fedora
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Incorrect CSRF token checks resulted in multiple CSRF risks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Fedora Moodle
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle Fedora
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Google +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Memory Corruption +2
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Command Injection PHP +2
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.9
MEDIUM POC This Month

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Information Disclosure OpenSSL +2
NVD GitHub
EPSS 29% CVSS 8.8
HIGH POC THREAT This Week

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Microsoft +1
NVD GitHub
EPSS 12% CVSS 5.3
MEDIUM POC THREAT This Month

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Fedora
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google RCE +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Canonical +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Fedora
NVD
EPSS 17% CVSS 7.5
HIGH PATCH This Week

Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Buffer Overflow Xen Fedora
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Google Chrome +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 15% CVSS 9.6
CRITICAL POC KEV THREAT Act Now

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Safari +8
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +2
NVD
EPSS 0% CVSS 5.2
MEDIUM POC This Month

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Glib Debian Linux +2
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH Act Now

Werkzeug is a comprehensive WSGI web application library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Werkzeug Debian Linux +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jinja is an extensible templating engine. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jinja Fedora
NVD GitHub
EPSS 1% CVSS 7.4
HIGH POC This Week

An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Denial Of Service Mediawiki +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Mediawiki Fedora
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mediawiki Fedora
NVD
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pgadmin 4 Fedora
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Pgadmin 4 +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: r8169: fix LED-related deadlock on module removal Binding devm_led_classdev_register() to the netdev is problematic because on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with. Rated medium severity (CVSS 4.7).

Race Condition Information Disclosure Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uart_handle_cts_change() function in serial_core expects the caller. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word (> 256 characters),. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1'. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled When I did hard offline test with hugetlb pages, below. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handling code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Grassroots Dicom +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Grassroots Dicom Fedora
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Grassroots Dicom Fedora
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Freerdp +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Freerdp Fedora
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Freerdp +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Freerdp +1
NVD GitHub
Page 1 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy