Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2021-28698 MEDIUM This Month

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-28697 HIGH This Week

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Xen Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-28696 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Amd Authentication Bypass Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28695 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28694 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-40153 HIGH POC PATCH This Week

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Squashfs Tools Fedora Debian Linux Enterprise Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-30604 HIGH POC This Week

Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-30603 HIGH POC This Week

Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Race Condition Chrome Fedora
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-30602 HIGH POC This Week

Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-30601 HIGH POC This Week

Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-30600 HIGH POC This Week

Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-30599 HIGH This Week

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
5.4%
CVE-2021-30598 HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
7.0%
CVE-2021-30597 MEDIUM POC This Month

Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2021-30596 MEDIUM POC This Month

Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-30594 MEDIUM POC This Month

Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2021-30593 HIGH POC This Week

Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-30592 HIGH POC This Week

Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-30591 HIGH POC This Week

Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-30590 HIGH POC This Week

Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-30984 HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple RCE Race Condition Safari Ipados +6
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-30954 HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption Safari Ipados +6
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-30953 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Information Disclosure Safari +7
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-30952 HIGH POC KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Integer Overflow RCE Safari Ipados +8
NVD
CVSS 3.1
7.8
EPSS
7.6%
CVE-2021-30951 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Use After Free Denial Of Service +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-30936 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Use After Free Denial Of Service +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-30934 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Safari Ipados +6
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-30890 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados Iphone Os macOS +4
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-30887 MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +4
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-30858 HIGH KEV THREAT This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption Use After Free Denial Of Service +5
NVD
CVSS 3.1
8.8
EPSS
13.5%
CVE-2021-30851 HIGH This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Safari +7
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-38714 HIGH POC This Week

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Plib Debian Linux Extra Packages For Enterprise Linux +1
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-39152 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
11.5%
CVE-2021-39150 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
3.4%
CVE-2021-39140 Maven MEDIUM POC PATCH This Month

XStream is a simple library to serialize objects to XML and back again. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Denial Of Service Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
6.3
EPSS
5.9%
CVE-2021-39154 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39153 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java Xstream Fedora +11
NVD GitHub
CVSS 3.1
8.5
EPSS
4.5%
CVE-2021-39151 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39149 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39148 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39147 Maven HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.7%
CVE-2021-39146 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Fedora Debian Linux +12
NVD GitHub
CVSS 3.1
8.5
EPSS
14.3%
CVE-2021-39145 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.1%
CVE-2021-39144 Maven HIGH POC KEV PATCH THREAT Act Now

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Code Injection Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
98.1%
CVE-2021-39141 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
16.1%
CVE-2021-39139 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java Xstream Debian Linux +13
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-37750 MEDIUM PATCH This Month

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 Fedora Debian Linux +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-39360 MEDIUM This Month

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libzapojit Fedora
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-39359 MEDIUM This Month

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libgda Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2021-39358 MEDIUM This Month

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libgfbgraph Fedora
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2021-25218 HIGH POC PATCH This Week

In BIND 9.16.19, 9.17.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bind Fedora
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-39242 HIGH This Week

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-39241 MEDIUM This Month

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-39240 HIGH This Week

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-33193 HIGH POC PATCH THREAT This Week

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.4.17 to 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Authentication Bypass Debian Linux Http Server Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
46.2%
CVE-2021-3635 MEDIUM This Month

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-3573 MEDIUM POC PATCH This Month

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call. Rated medium severity (CVSS 6.4). Public exploit code available.

Linux Denial Of Service Race Condition Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-37695 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Debian Linux Fedora Application Express +8
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-31556 CRITICAL PATCH Act Now

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-32809 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Ckeditor Fedora Application Express +7
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-32808 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Fedora Application Express Banking Party Management +9
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-38604 HIGH POC PATCH This Week

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Glibc Fedora Communications Cloud Native Core Binding Support Function +5
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-20314 CRITICAL PATCH Act Now

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service RCE Memory Corruption Libspf2 +2
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2021-38593 HIGH PATCH This Week

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Qt Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-36770 HIGH PATCH This Week

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure P5 Encode Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-0004 MEDIUM This Month

Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Intel Denial Of Service Ethernet Controller E810 Firmware Fedora
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-0002 HIGH This Week

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Information Disclosure Ethernet Controller E810 Firmware Fedora
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-38512 Cargo HIGH POC PATCH This Week

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Actix Http Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-37615 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-34335 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37622 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37621 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37620 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora +1
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-37619 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37618 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37616 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-37623 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-34334 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-32815 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-36221 Go MEDIUM PATCH This Month

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Race Condition Go Fedora Debian Linux +2
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2021-38173 CRITICAL PATCH Act Now

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Btrbk Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-38166 HIGH PATCH This Week

In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow Linux Kernel Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-38165 MEDIUM This Month

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Lynx Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
4.5%
CVE-2021-29923 HIGH POC PATCH This Week

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Go Timesten In Memory Database Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-22924 LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Cloud Backup +29
NVD
CVSS 3.1
3.7
EPSS
6.3%
CVE-2021-22923 MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-22922 MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-30589 MEDIUM PATCH This Month

Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-30588 HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-30587 MEDIUM POC This Month

Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
1.7%
EPSS 0% CVSS 5.5
MEDIUM This Month

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Xen +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Amd Authentication Bypass +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd +3
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Squashfs Tools Fedora +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Race Condition +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 5% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Memory Corruption +2
NVD
EPSS 7% CVSS 8.8
HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Memory Corruption +2
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A race condition was addressed with improved state handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apple RCE Race Condition +8
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A type confusion issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Memory Corruption +8
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +9
NVD
EPSS 8% CVSS 7.8
HIGH POC KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Integer Overflow RCE +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption +10
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption +10
NVD
EPSS 3% CVSS 8.8
HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +8
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Ipados +6
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A logic issue was addressed with improved restrictions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados +6
NVD
EPSS 13% CVSS 8.8
HIGH KEV THREAT This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Memory Corruption +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE +9
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Plib +3
NVD
EPSS 11% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream +14
NVD GitHub
EPSS 3% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Java Xstream +14
NVD GitHub
EPSS 6% CVSS 6.3
MEDIUM POC PATCH This Month

XStream is a simple library to serialize objects to XML and back again. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. Public exploit code available.

Deserialization Denial Of Service Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 4% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Java +13
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.5
HIGH POC PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 14% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream +14
NVD GitHub
EPSS 4% CVSS 8.5
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream +14
NVD GitHub
EPSS 98% CVSS 8.5
HIGH POC KEV PATCH THREAT Act Now

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE Code Injection Xstream +14
NVD GitHub
EPSS 16% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java +15
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Kerberos 5 +4
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM This Month

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libzapojit Fedora
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libgda Fedora
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM This Month

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libgfbgraph Fedora
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

In BIND 9.16.19, 9.17.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Bind Fedora
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Debian Linux +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Debian Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy Debian Linux +1
NVD
EPSS 46% CVSS 7.5
HIGH POC PATCH THREAT This Week

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.4.17 to 2.4.48. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Authentication Bypass Debian Linux +5
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel +2
NVD
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call. Rated medium severity (CVSS 6.4). Public exploit code available.

Linux Denial Of Service Race Condition +3
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Debian Linux +10
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Mediawiki +1
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Ckeditor +9
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Fedora +11
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Glibc +7
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Denial Of Service RCE +4
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Qt +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure P5 Encode Fedora
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper buffer restrictions in the firmware of Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow a privileged user to potentially enable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Intel Denial Of Service +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Information Disclosure +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Actix Http +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Exiv2 +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Exiv2 +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Exiv2 Fedora +1
NVD GitHub
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Race Condition Go +4
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Btrbk Debian Linux +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow +3
NVD
EPSS 4% CVSS 5.3
MEDIUM This Month

Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Lynx Debian Linux +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Go Timesten In Memory Database +1
NVD GitHub
EPSS 6% CVSS 3.7
LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora +31
NVD
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure +2
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
Prev Page 20 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy