Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2021-30630 MEDIUM This Month

Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-30629 HIGH This Week

Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-30628 HIGH This Week

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-30627 HIGH This Week

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-30626 HIGH This Week

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-30625 HIGH POC THREAT This Week

Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
10.1%
CVE-2021-41133 HIGH PATCH This Week

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Flatpak Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-42013 CRITICAL POC KEV PATCH THREAT Act Now

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE Http Server Fedora +4
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-28702 HIGH This Week

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Xen Fedora Debian Linux
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2021-39226 Go HIGH POC KEV PATCH THREAT This Week

Grafana is an open source data visualization platform. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Grafana Authentication Bypass Fedora
NVD GitHub
CVSS 3.1
7.3
EPSS
99.9%
CVE-2021-41773 CRITICAL POC KEV PATCH THREAT Act Now

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE Http Server Fedora +2
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2021-41524 HIGH PATCH This Week

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Http Server Fedora Instantis Enterprisetrack +1
NVD
CVSS 3.1
7.5
EPSS
25.0%
CVE-2021-41091 Go MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
2.7%
CVE-2021-41089 Go MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-41092 Go HIGH PATCH This Week

Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Command Line Interface Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-41099 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service RCE Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-32762 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-32687 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-32675 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Fedora Debian Linux Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.5
EPSS
15.8%
CVE-2021-32672 MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Redis Information Disclosure Software Collections Enterprise Linux +5
NVD GitHub
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-32628 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-32627 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-32626 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Redis Heap Overflow RCE Fedora +4
NVD GitHub
CVSS 3.1
8.8
EPSS
15.1%
CVE-2021-41103 Go HIGH PATCH This Week

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Containerd Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-41864 HIGH PATCH This Week

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow Linux Kernel Fedora +13
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22947 MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora Debian Linux Cloud Backup +22
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-22946 HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Cloud Backup +25
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-41617 HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh Fedora Active Iq Unified Manager +9
NVD VulDB
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-22945 CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Cloud Backup Clustered Data Ontap +13
NVD
CVSS 3.1
9.1
EPSS
6.2%
CVE-2021-32838 PyPI HIGH PATCH This Week

Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Flask Restx Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-41073 HIGH PATCH This Week

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Fedora +10
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-39218 LIB MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-39219 LIB MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2021-39216 LIB MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). No vendor patch available.

Use After Free Memory Corruption Information Disclosure Wasmtime Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2021-39275 CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption Http Server Fedora +8
NVD
CVSS 3.1
9.8
EPSS
36.3%
CVE-2021-36160 HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure Http Server Fedora +10
NVD
CVSS 3.1
7.5
EPSS
62.9%
CVE-2021-34798 HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service Http Server Fedora +15
NVD
CVSS 3.1
7.5
EPSS
64.5%
CVE-2021-3796 HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +2
NVD GitHub
CVSS 3.1
7.3
EPSS
1.7%
CVE-2021-3778 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-40839 PyPI HIGH PATCH This Week

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Rencode Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
5.6%
CVE-2021-40346 HIGH POC PATCH THREAT This Week

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Haproxy Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
57.9%
CVE-2021-21897 HIGH POC This Week

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow RCE Dxflib Extra Packages For Enterprise Linux +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-22004 PyPI MEDIUM PATCH This Month

An issue was discovered in SaltStack Salt before 3003.3. Rated medium severity (CVSS 6.4).

Information Disclosure Race Condition Salt Fedora
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2021-21996 PyPI HIGH PATCH This Week

An issue was discovered in SaltStack Salt before 3003.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Salt Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-28701 HIGH This Week

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Race Condition Xen Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39254 HIGH This Week

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39253 HIGH This Week

A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39252 HIGH This Week

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39251 HIGH This Week

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ntfs 3G Debian Linux Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-35267 HIGH This Week

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-35266 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow RCE Ntfs 3G +2
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33287 HIGH This Week

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-35269 HIGH This Week

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-35268 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33289 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Ntfs 3G Debian Linux +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-33285 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ntfs 3G Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-40530 MEDIUM POC This Month

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Crypto Fedora
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-40529 MEDIUM POC PATCH This Month

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Mozilla Information Disclosure Botan Fedora Thunderbird
NVD GitHub
CVSS 3.1
5.9
EPSS
1.5%
CVE-2021-3770 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-30624 HIGH PATCH This Week

Chromium: CVE-2021-30624 Use after free in Autofill. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30623 HIGH PATCH This Week

Chromium: CVE-2021-30623 Use after free in Bookmarks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-30622 HIGH PATCH This Week

Chromium: CVE-2021-30622 Use after free in WebApp Installs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30621 MEDIUM PATCH This Month

Chromium: CVE-2021-30621 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora Edge Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2021-30620 HIGH PATCH This Week

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora Edge Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30619 MEDIUM PATCH This Month

Chromium: CVE-2021-30619 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora Edge Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2021-30618 HIGH PATCH This Week

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora Edge Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30617 MEDIUM PATCH This Month

Chromium: CVE-2021-30617 Policy bypass in Blink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora Edge Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2021-30616 HIGH PATCH This Week

Chromium: CVE-2021-30616 Use after free in Media. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-30615 MEDIUM PATCH This Month

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora Edge Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
5.6%
CVE-2021-30614 HIGH PATCH This Week

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google Fedora Edge +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-30613 HIGH PATCH This Week

Chromium: CVE-2021-30613 Use after free in Base internals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30612 HIGH PATCH This Week

Chromium: CVE-2021-30612 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-30611 HIGH PATCH This Week

Chromium: CVE-2021-30611 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-30610 HIGH PATCH This Week

Chromium: CVE-2021-30610 Use after free in Extensions API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30609 HIGH PATCH This Week

Chromium: CVE-2021-30609 Use after free in Sign-In. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-30608 HIGH PATCH This Week

Chromium: CVE-2021-30608 Use after free in Web Share. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30607 HIGH PATCH This Week

Chromium: CVE-2021-30607 Use after free in Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30606 HIGH PATCH This Week

Chromium: CVE-2021-30606 Use after free in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Edge +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-23437 PyPI HIGH POC PATCH This Week

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-39191 MEDIUM POC PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Apache Mod Auth Openidc Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-40490 HIGH PATCH This Week

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. Rated high severity (CVSS 7.0).

Linux Information Disclosure Race Condition Linux Kernel Fedora +14
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2021-33582 HIGH PATCH This Week

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imap Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-3634 MEDIUM PATCH This Month

A flaw has been found in libssh in versions prior to 0.9.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Libssh Virtualization +5
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2021-39164 PyPI LOW PATCH Monitor

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
CVSS 3.1
3.1
EPSS
1.5%
CVE-2021-39163 PyPI LOW PATCH Monitor

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
CVSS 3.1
3.1
EPSS
0.9%
CVE-2021-34434 MEDIUM POC This Month

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mosquitto Fedora
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-39272 MEDIUM This Month

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fetchmail Fedora
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-28700 MEDIUM This Month

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28699 MEDIUM This Month

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 10% CVSS 8.8
HIGH POC THREAT This Week

Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Flatpak Debian Linux +1
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE +6
NVD Exploit-DB
EPSS 0% CVSS 7.6
HIGH This Week

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Xen +2
NVD
EPSS 100% CVSS 7.3
HIGH POC KEV PATCH THREAT This Week

Grafana is an open source data visualization platform. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Grafana Authentication Bypass Fedora
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal RCE +4
NVD Exploit-DB
EPSS 25% CVSS 7.5
HIGH PATCH This Week

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Http Server +3
NVD
EPSS 3% CVSS 6.3
MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Docker CLI is the command line interface for the docker container runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker Information Disclosure Command Line Interface +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow Denial Of Service +5
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Redis Integer Overflow +5
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE +5
NVD GitHub
EPSS 16% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Fedora +4
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Redis Information Disclosure +7
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE +5
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE +5
NVD GitHub
EPSS 15% CVSS 8.8
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Redis Heap Overflow +6
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Containerd Fedora +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow +15
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora +24
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux +27
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh +11
NVD VulDB
EPSS 6% CVSS 9.1
CRITICAL POC PATCH Act Now

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Flask Restx +1
NVD GitHub
EPSS 2% CVSS 7.8
HIGH PATCH This Week

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +12
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Wasmtime +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Wasmtime +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Wasmtime is an open source runtime for WebAssembly & WASI. Rated medium severity (CVSS 6.3). No vendor patch available.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub
EPSS 100% CVSS 9.0
CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux +37
NVD
EPSS 36% CVSS 9.8
CRITICAL PATCH Act Now

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Apache Memory Corruption +10
NVD
EPSS 63% CVSS 7.5
HIGH PATCH This Week

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).4.30 to 2.4.48 (inclusive). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Apache Information Disclosure +12
NVD
EPSS 65% CVSS 7.5
HIGH PATCH This Week

Malformed requests may cause the server to dereference a NULL pointer.4.48 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Apache Denial Of Service +17
NVD
EPSS 2% CVSS 7.3
HIGH POC PATCH This Week

vim is vulnerable to Use After Free. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +4
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +3
NVD GitHub
EPSS 6% CVSS 7.5
HIGH PATCH This Week

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\x2f\x7f), enabling a remote attack that consumes CPU and memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Rencode +1
NVD GitHub
EPSS 58% CVSS 7.5
HIGH POC PATCH THREAT This Week

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Haproxy +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow RCE +4
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

An issue was discovered in SaltStack Salt before 3003.3. Rated medium severity (CVSS 6.4).

Information Disclosure Race Condition Salt +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in SaltStack Salt before 3003.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Salt Fedora +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8). No vendor patch available.

Information Disclosure Race Condition Xen +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ntfs 3G +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror allowing for code execution or escalation of privileges when setuid-root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS image a heap buffer overflow can occur resulting in memory disclosure, denial of service and even. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +4
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Buffer Overflow +3
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the function ntfs_attr_setup_flag, a heap buffer overflow can occur allowing for code execution and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +4
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC This Month

The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Crypto Fedora
NVD
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Mozilla Information Disclosure Botan +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30624 Use after free in Autofill. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30623 Use after free in Bookmarks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30622 Use after free in WebApp Installs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Chromium: CVE-2021-30621 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Chromium: CVE-2021-30619 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora +2
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Chromium: CVE-2021-30617 Policy bypass in Blink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30616 Use after free in Media. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 6% CVSS 6.5
MEDIUM PATCH This Month

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30613 Use after free in Base internals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30612 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30611 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30610 Use after free in Extensions API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30609 Use after free in Sign-In. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30608 Use after free in Web Share. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30607 Use after free in Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30606 Use after free in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Apache Mod Auth Openidc +2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13. Rated high severity (CVSS 7.0).

Linux Information Disclosure Race Condition +16
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imap Fedora +1
NVD GitHub
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

A flaw has been found in libssh in versions prior to 0.9.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption +7
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Synapse Fedora
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mosquitto Fedora
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fetchmail Fedora
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Fedora +1
NVD
Prev Page 19 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy