Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2022-1708 Go HIGH POC PATCH This Week

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cri O Fedora Openshift Container Platform Enterprise Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-32511 Ruby CRITICAL PATCH GHSA Act Now

jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jmespath Fedora
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2022-32250 HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free Linux Linux Kernel +7
NVD GitHub
CVSS 3.1
7.8
EPSS
2.9%
CVE-2022-31799 PyPI CRITICAL PATCH Act Now

Bottle before 0.12.20 mishandles errors during early request binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-31783 MEDIUM POC PATCH This Month

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Liblouis Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-27776 MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Hci Bootstrap Os +9
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-1949 HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server Directory Server Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2022-1789 MEDIUM This Month

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel Fedora Enterprise Linux +1
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2022-1942 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-1927 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-1897 HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim Fedora macOS +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2022-1898 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-26691 MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Apple Information Disclosure Cups Mac Os X macOS +2
NVD GitHub
CVSS 3.1
6.7
EPSS
0.6%
CVE-2022-22662 MEDIUM This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2022-30789 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30788 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30787 MEDIUM This Month

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-30786 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30785 MEDIUM This Month

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-30784 HIGH This Week

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30783 MEDIUM This Month

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2022-1886 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2022-1348 MEDIUM PATCH This Month

A vulnerability was found in logrotate in how the state file is created. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Logrotate Fedora
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-1851 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2022-29221 PHP HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection Smarty Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-29217 PyPI HIGH PATCH This Week

PyJWT is a Python implementation of RFC 7519. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pyjwt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-30600 PHP CRITICAL PATCH Act Now

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2022-30599 PHP CRITICAL PATCH Act Now

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-30598 PHP MEDIUM PATCH This Month

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-30597 PHP MEDIUM PATCH This Month

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2022-30596 PHP MEDIUM PATCH This Month

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-30975 MEDIUM POC This Month

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mujs Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-30974 MEDIUM POC This Month

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mujs Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2022-29162 Go HIGH PATCH This Week

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Runc Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1706 Go MEDIUM PATCH This Month

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

VMware Authentication Bypass Ignition Openshift Container Platform Enterprise Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-1769 HIGH PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-1733 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-1587 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Enterprise Linux Fedora +9
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2022-1586 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Fedora Enterprise Linux +10
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-30767 CRITICAL POC PATCH Act Now

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow U Boot Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-1379 CRITICAL POC PATCH Act Now

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2022-28919 MEDIUM POC This Month

HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dokuwiki Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-1674 MEDIUM POC PATCH This Month

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora macOS
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-1623 MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Fedora Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2022-1622 MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff Fedora Ontap Select Deploy Administration Utility +4
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2022-29145 NuGet HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD VulDB
CVSS 3.1
7.5
EPSS
4.8%
CVE-2022-29117 NuGet HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD VulDB
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-23267 NuGet HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core Powershell Visual Studio 2019 +2
NVD
CVSS 3.1
7.5
EPSS
5.0%
CVE-2022-1629 HIGH POC PATCH This Week

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2022-1621 HIGH POC PATCH This Week

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-1620 HIGH POC PATCH This Week

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora macOS
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-1619 HIGH POC PATCH This Week

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2022-1616 HIGH POC PATCH This Week

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
2.6%
CVE-2022-1053 PyPI CRITICAL PATCH Act Now

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Keylime Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2022-24903 HIGH PATCH This Week

Rsyslog is a rocket-fast system for log processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Rsyslog Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
8.1
EPSS
3.8%
CVE-2022-24884 HIGH PATCH This Week

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Ecdsautils Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-27337 MEDIUM POC This Month

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-29502 CRITICAL PATCH Act Now

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Slurm Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29501 HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2022-29500 HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2022-30292 CRITICAL PATCH Act Now

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Squirrel Fedora
NVD GitHub
CVSS 3.1
10.0
EPSS
3.6%
CVE-2022-20796 MEDIUM This Month

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-20785 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2022-20771 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2022-20770 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2022-28487 HIGH POC PATCH This Week

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tcpreplay Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-27470 HIGH POC PATCH This Week

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Sdl Ttf Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-1292 HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway Debian Linux Active Iq Unified Manager +31
NVD
CVSS 3.1
7.3
EPSS
83.2%
CVE-2022-29824 MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 Libxslt Fedora +16
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2022-29968 HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.17.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora H300s Firmware +5
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-25844 npm HIGH POC This Week

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2022-0984 PHP MEDIUM PATCH This Month

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-1227 Go HIGH POC PATCH This Week

A privilege escalation flaw was found in Podman. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure Podman Psgo +14
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2022-1015 MEDIUM POC This Month

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Linux Buffer Overflow Linux Kernel Fedora
NVD
CVSS 3.1
6.6
EPSS
1.5%
CVE-2022-29869 MEDIUM PATCH This Month

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cifs Utils Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2022-24736 MEDIUM POC PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Null Pointer Dereference Fedora Management Services For Element Software +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-24735 HIGH POC PATCH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Redis Fedora Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-1507 MEDIUM POC PATCH This Month

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Chafa Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2022-27239 HIGH PATCH This Week

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Cifs Utils Debian Linux Caas Platform +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-24883 CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Freerdp Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-24882 HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freerdp Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2022-28506 MEDIUM POC This Month

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Giflib Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-27406 HIGH POC This Week

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Freetype Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-27405 HIGH This Week

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freetype Fedora
NVD VulDB
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27404 CRITICAL POC Act Now

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Freetype Fedora
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2022-1420 MEDIUM POC PATCH This Month

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Vim Fedora macOS
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2022-29536 HIGH PATCH This Week

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Epiphany Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-28327 Go HIGH PATCH This Week

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
4.2%
CVE-2022-24675 Go HIGH PATCH This Week

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora Kubernetes Monitoring Operator
NVD
CVSS 3.1
7.5
EPSS
10.0%
CVE-2022-25648 Ruby CRITICAL POC PATCH Act Now

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cri O Fedora +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jmespath Fedora
NVD GitHub VulDB
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Memory Corruption Use After Free +9
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Bottle before 0.12.20 mishandles errors during early request binding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bottle Debian Linux +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Liblouis +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +11
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure 389 Directory Server +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel +3
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +3
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Fedora +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vim +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Apple Information Disclosure Cups +4
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A cookie management issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Fedora +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ntfs 3G Debian Linux +1
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Fedora +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was found in logrotate in how the state file is created. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Logrotate Fedora
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Vim +3
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

PyJWT is a Python implementation of RFC 7519. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Pyjwt +1
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mujs +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mujs Debian Linux +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Runc Fedora
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

VMware Authentication Bypass Ignition +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Vim Fedora +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +11
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +12
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow U Boot Fedora
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC PATCH Act Now

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Plantuml Fedora
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dokuwiki Fedora
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff +3
NVD
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libtiff +6
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core +3
NVD VulDB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core +3
NVD VulDB
EPSS 5% CVSS 7.5
HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core +4
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Vim Fedora +1
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +5
NVD GitHub
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Keylime Fedora
NVD GitHub
EPSS 4% CVSS 8.1
HIGH PATCH This Week

Rsyslog is a rocket-fast system for log processing. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

RCE Buffer Overflow Rsyslog +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Ecdsautils +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler Fedora +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Slurm Fedora
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Slurm Fedora +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Slurm Fedora +1
NVD
EPSS 4% CVSS 10.0
CRITICAL PATCH Act Now

Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Squirrel +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 7% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 5% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 7% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tcpreplay Fedora
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Sdl Ttf +1
NVD GitHub
EPSS 83% CVSS 7.3
HIGH This Week

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection OpenSSL Brownfield Connectivity Gateway +33
NVD
EPSS 4% CVSS 6.5
MEDIUM POC PATCH This Month

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libxml2 +18
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel through 5.17.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +7
NVD GitHub
EPSS 5% CVSS 7.5
HIGH POC This Week

The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora +1
NVD
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

A privilege escalation flaw was found in Podman. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure +16
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM POC This Month

A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Linux Buffer Overflow +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cifs Utils Fedora +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Redis Null Pointer Dereference +4
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Redis +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Chafa +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Cifs Utils +18
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Freerdp Fedora
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Freerdp Extra Packages For Enterprise Linux +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Giflib +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Freetype +1
NVD VulDB
EPSS 2% CVSS 7.5
HIGH This Week

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Freetype +1
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Freetype +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Vim +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Epiphany +2
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Extra Packages For Enterprise Linux +1
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora +1
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Extra Packages For Enterprise Linux +2
NVD GitHub
Prev Page 14 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy