Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2021-43616 CRITICAL POC PATCH Act Now

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure npm Next Generation Application Programming Interface Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-43519 MEDIUM POC PATCH This Month

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lua Fedora
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-41772 Go HIGH PATCH This Week

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Fedora Timesten In Memory Database
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-41771 Go HIGH PATCH This Week

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2021-42072 HIGH POC This Week

An issue was discovered in Barrier before 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Barrier Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-35368 CRITICAL POC Act Now

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-3928 HIGH POC PATCH This Week

vim is vulnerable to Use of Uninitialized Variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-3927 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-27836 MEDIUM PATCH This Month

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxls Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-43267 CRITICAL POC PATCH THREAT Act Now

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel Fedora H300s Firmware +6
NVD GitHub
CVSS 3.1
9.8
EPSS
57.6%
CVE-2021-37980 HIGH This Week

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass Chrome Fedora +1
NVD
CVSS 3.1
7.4
EPSS
1.4%
CVE-2021-37979 HIGH POC This Week

heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-37978 HIGH This Week

Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-37977 HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-42574 HIGH POC THREAT This Week

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Code Injection Unicode Fedora Starwind Virtual San
NVD
CVSS 3.1
8.3
EPSS
12.2%
CVE-2021-3756 CRITICAL POC PATCH Act Now

libmysofa is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libmysofa Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-43056 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel for powerpc before 5.14.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3903 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25219 MEDIUM PATCH This Month

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux Fedora H300s Firmware +11
NVD
CVSS 3.1
5.3
EPSS
8.0%
CVE-2021-41184 LIB MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +23
NVD GitHub
CVSS 3.1
6.1
EPSS
44.5%
CVE-2021-41183 LIB MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +24
NVD GitHub
CVSS 3.1
6.1
EPSS
7.9%
CVE-2021-41182 LIB MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H500s Firmware H700s Firmware +25
NVD GitHub
CVSS 3.1
6.1
EPSS
42.2%
CVE-2021-21703 HIGH POC PATCH This Week

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running. Rated high severity (CVSS 7.0). Public exploit code available.

PHP Authentication Bypass Debian Linux Fedora Clustered Data Ontap +1
NVD
CVSS 3.1
7.0
EPSS
1.3%
CVE-2021-42716 HIGH POC This Week

An issue was discovered in stb stb_image.h 2.27. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stb Image H Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
1.4%
CVE-2021-42715 MEDIUM This Month

An issue was discovered in stb stb_image.h 1.33 through 2.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stb Image H Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-41160 HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Freerdp Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-41159 HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption Freerdp Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-42327 MEDIUM This Month

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Amd Memory Corruption Linux Kernel +9
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-42762 MEDIUM POC This Month

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Webkitgtk Wpe Webkit Fedora +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-35610 HIGH PATCH This Week

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2021-35608 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle Oncommand Insight Snapcenter MySQL +1
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-35607 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Oncommand Insight Snapcenter MySQL +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-35604 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server Oncommand Insight Snapcenter +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2021-35603 LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
3.7
EPSS
4.1%
CVE-2021-35602 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Denial Of Service Oracle Oncommand Insight Snapcenter MySQL +1
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2021-35597 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-35596 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-35591 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2021-35588 LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
3.1
EPSS
3.6%
CVE-2021-35586 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.3%
CVE-2021-35578 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.2%
CVE-2021-35577 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Oncommand Insight Snapcenter MySQL +1
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-35575 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Oncommand Insight Snapcenter MySQL +1
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-35567 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java Openjdk Graalvm +14
NVD
CVSS 3.1
6.8
EPSS
2.7%
CVE-2021-35565 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.9%
CVE-2021-35564 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
5.2%
CVE-2021-35561 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.5%
CVE-2021-35559 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
14.8%
CVE-2021-35556 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-35550 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Openjdk +11
NVD
CVSS 3.1
5.9
EPSS
6.9%
CVE-2021-35546 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2481 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-2479 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2478 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2021-42739 MEDIUM PATCH This Month

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-3746 MEDIUM PATCH This Month

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libtpms Fedora Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-30846 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Safari +7
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-3872 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-41991 HIGH PATCH This Week

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Strongswan Debian Linux Fedora +22
NVD GitHub
CVSS 3.1
7.5
EPSS
4.8%
CVE-2021-41990 HIGH This Week

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Strongswan Debian Linux Fedora +17
NVD GitHub
CVSS 3.1
7.5
EPSS
6.5%
CVE-2021-41611 HIGH PATCH This Week

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Squid Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-38562 HIGH PATCH This Week

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Request Tracker Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-38297 Go CRITICAL PATCH Act Now

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2021-28021 HIGH POC This Week

Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Stb Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-3875 MEDIUM POC PATCH This Month

vim is vulnerable to Heap-based Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2021-41800 PHP MEDIUM PATCH This Month

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Mediawiki Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-41799 HIGH This Week

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mediawiki Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-41798 MEDIUM POC This Month

MediaWiki before 1.36.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-37976 MEDIUM POC KEV THREAT This Month

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
19.9%
CVE-2021-37975 HIGH KEV THREAT This Week

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
34.9%
CVE-2021-37974 HIGH This Week

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-37973 CRITICAL KEV PATCH THREAT Act Now

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
11.7%
CVE-2021-37972 HIGH POC This Week

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-37971 MEDIUM POC This Month

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-37970 HIGH POC This Week

Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-37969 HIGH This Week

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Privilege Escalation Chrome Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-37968 MEDIUM This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-37967 MEDIUM This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-37966 MEDIUM This Month

Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-37965 MEDIUM This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-37964 LOW Monitor

Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-37963 MEDIUM This Month

Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-37962 HIGH This Week

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-37961 HIGH This Week

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-37959 HIGH This Week

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-37958 MEDIUM This Month

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Code Injection Chrome Fedora +1
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-37957 HIGH This Week

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-37956 HIGH This Week

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30633 CRITICAL KEV THREAT Act Now

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
32.7%
CVE-2021-30632 HIGH KEV THREAT This Week

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
64.5%
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Information Disclosure npm +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Lua Fedora
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Fedora +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered in Barrier before 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Barrier Fedora
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Owasp Modsecurity Core Rule Set Fedora +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Use of Uninitialized Variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Vim Fedora +1
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxls +1
NVD GitHub
EPSS 58% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Linux Information Disclosure Linux Kernel +8
NVD GitHub
EPSS 1% CVSS 7.4
HIGH This Week

Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Authentication Bypass +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 12% CVSS 8.3
HIGH POC THREAT This Week

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Code Injection Unicode +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

libmysofa is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libmysofa +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel for powerpc before 5.14.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bind Debian Linux +13
NVD
EPSS 45% CVSS 6.1
MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora +25
NVD GitHub
EPSS 8% CVSS 6.1
MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora +26
NVD GitHub
EPSS 42% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora +27
NVD GitHub
EPSS 1% CVSS 7.0
HIGH POC PATCH This Week

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running. Rated high severity (CVSS 7.0). Public exploit code available.

PHP Authentication Bypass Debian Linux +3
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

An issue was discovered in stb stb_image.h 2.27. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stb Image H Fedora
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

An issue was discovered in stb stb_image.h 1.33 through 2.27. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stb Image H Fedora +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Memory Corruption +2
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM This Month

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Amd +11
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Webkitgtk +3
NVD GitHub
EPSS 2% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +3
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle Oncommand Insight +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Oncommand Insight +3
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server +4
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +14
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Denial Of Service Oracle Oncommand Insight +3
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +3
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +3
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +3
NVD
EPSS 4% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Oncommand Insight +3
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Oncommand Insight +3
NVD
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java +16
NVD
EPSS 7% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 15% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Java +14
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +14
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +13
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +3
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +3
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +3
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +3
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +8
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libtpms Fedora +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +9
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Strongswan +24
NVD GitHub
EPSS 6% CVSS 7.5
HIGH This Week

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Strongswan +19
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Squid Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Request Tracker Fedora +1
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Go Fedora
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Stb +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

vim is vulnerable to Heap-based Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Mediawiki Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mediawiki Fedora
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

MediaWiki before 1.36.2 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
EPSS 20% CVSS 6.5
MEDIUM POC KEV THREAT This Month

Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 35% CVSS 8.8
HIGH KEV THREAT This Week

Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 12% CVSS 9.6
CRITICAL KEV PATCH THREAT Act Now

Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure +3
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Privilege Escalation +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 3.3
LOW Monitor

Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Code Injection +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 33% CVSS 9.6
CRITICAL KEV THREAT Act Now

Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 65% CVSS 8.8
HIGH KEV THREAT This Week

Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
Prev Page 18 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy