Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2021-30586 HIGH This Week

Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Memory Corruption Use After Free Denial Of Service +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-30585 HIGH PATCH This Week

Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Memory Corruption Use After Free Denial Of Service +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-30584 MEDIUM POC This Month

Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-30583 MEDIUM This Month

Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-30582 MEDIUM POC This Month

Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
5.5%
CVE-2021-30581 HIGH POC This Week

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30580 MEDIUM This Month

Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-30579 HIGH POC This Week

Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-30578 HIGH POC This Week

Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-30577 HIGH POC This Week

Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome Fedora
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-30576 HIGH POC This Week

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30575 HIGH POC This Week

Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-30574 HIGH POC This Week

Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-30573 HIGH POC This Week

Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
6.3%
CVE-2021-30572 HIGH POC This Week

Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-30571 CRITICAL POC Act Now

Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2021-30569 HIGH PATCH This Week

Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-30568 HIGH PATCH This Week

Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-30567 HIGH POC This Week

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30566 HIGH POC This Week

Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-30565 HIGH POC This Week

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-3673 HIGH POC This Week

A vulnerability was found in Radare2 in version 5.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Radare2 Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-32810 Cargo CRITICAL PATCH Act Now

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Crossbeam Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-34556 MEDIUM PATCH This Month

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-35477 MEDIUM PATCH This Month

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-37746 MEDIUM PATCH This Month

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Claws Mail Sylpheed Fedora
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-36386 HIGH PATCH This Week

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fetchmail Fedora
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-32610 PHP HIGH PATCH This Week

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Archive Tar Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
73.4%
CVE-2021-23414 npm MEDIUM POC PATCH This Month

This affects the package video.js before 7.14.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Video Js Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
2.6%
CVE-2021-37576 HIGH POC PATCH This Week

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-32792 MEDIUM PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Mod Auth Openidc Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-32791 MEDIUM PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Mod Auth Openidc Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.5%
CVE-2021-31292 PyPI HIGH POC This Week

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service Exiv2 Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-32786 MEDIUM POC PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Apache Mod Auth Openidc Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2021-35063 HIGH This Week

Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Information Disclosure Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-37220 MEDIUM POC This Month

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mupdf Fedora
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-32761 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Redis RCE Information Disclosure Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
31.0%
CVE-2021-2389 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
5.9
EPSS
8.2%
CVE-2021-2385 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server Fedora Oncommand Insight +2
NVD
CVSS 3.1
5.0
EPSS
1.9%
CVE-2021-2384 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2021-2383 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2374 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.1). No vendor patch available.

Oracle Authentication Bypass Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.1
EPSS
0.5%
CVE-2021-2372 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.4
EPSS
3.0%
CVE-2021-2370 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.5%
CVE-2021-2367 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2357 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2356 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2021-2354 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2021-2352 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.8%
CVE-2021-2342 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server Fedora Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2341 LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Openjdk Graalvm +4
NVD
CVSS 3.1
3.1
EPSS
4.2%
CVE-2021-2340 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Fedora Oncommand Insight +2
NVD
CVSS 3.1
2.7
EPSS
2.3%
CVE-2021-2339 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2021-33910 MEDIUM POC PATCH This Month

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Fedora Debian Linux Hci Management Node +1
NVD GitHub
CVSS 3.1
5.5
EPSS
8.6%
CVE-2021-33909 HIGH POC PATCH This Week

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Fedora +5
NVD GitHub
CVSS 3.1
7.8
EPSS
9.7%
CVE-2021-3246 HIGH POC This Week

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Libsndfile Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2021-36979 MEDIUM PATCH This Month

Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Unicorn Engine Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-36976 MEDIUM This Month

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure Libarchive Fedora +5
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2021-32760 Go MEDIUM PATCH This Month

containerd is a container runtime. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Containerd Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
1.6%
CVE-2021-32749 HIGH POC PATCH This Week

fail2ban is a daemon to ban hosts that cause multiple authentication errors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Command Injection Fail2Ban Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
3.6%
CVE-2021-34558 Go MEDIUM PATCH This Month

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go Fedora Cloud Insights Telegraf +3
NVD
CVSS 3.1
6.5
EPSS
7.0%
CVE-2021-36740 MEDIUM PATCH This Month

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Varnish Cache Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-24119 MEDIUM This Month

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Mbed Tls Fedora Debian Linux
NVD GitHub
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-34552 PyPI CRITICAL PATCH Act Now

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Python Pillow Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-32705 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-32703 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-32688 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-32680 LOW PATCH Monitor

Nextcloud Server is a Nextcloud package that handles data storage. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2021-36377 HIGH This Week

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fossil Fedora
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-32679 HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-32678 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-3612 HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Enterprise Linux Fedora +14
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-3571 HIGH PATCH This Week

A flaw was found in the ptp4l program of the linuxptp package. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linuxptp Enterprise Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
1.9%
CVE-2021-3570 HIGH PATCH This Week

A flaw was found in the ptp4l program of the linuxptp package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Linuxptp Enterprise Linux Enterprise Linux Aus +4
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2021-21779 HIGH POC This Week

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple Memory Corruption Webkitgtk +2
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-21775 HIGH POC This Week

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple Memory Corruption Webkitgtk +2
NVD
CVSS 3.1
8.0
EPSS
1.3%
CVE-2021-32740 Ruby HIGH PATCH This Week

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Addressable Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-30557 HIGH This Week

Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
11.7%
CVE-2021-30556 HIGH This Week

Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-30554 HIGH KEV THREAT This Week

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2021-35197 HIGH POC This Week

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-35042 PyPI CRITICAL POC PATCH THREAT Act Now

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django Fedora
NVD
CVSS 3.1
9.8
EPSS
44.4%
CVE-2021-36087 LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Selinux Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-36086 LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Use After Free Information Disclosure Debian Linux Active Iq Unified Manager +7
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2021-36085 LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Selinux Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-36084 LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Selinux Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2021-3630 MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Djvulibre Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-33503 PyPI HIGH PATCH This Week

An issue was discovered in urllib3 before 1.26.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Urllib3 Fedora Enterprise Manager Ops Center Instantis Enterprisetrack +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-33515 MEDIUM This Month

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Dovecot Fedora Debian Linux
NVD
CVSS 3.1
4.8
EPSS
2.8%
CVE-2021-29157 MEDIUM This Month

Dovecot before 2.3.15 allows ../ Path Traversal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dovecot Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Microsoft Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Memory Corruption +4
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure +2
NVD
EPSS 5% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A vulnerability was found in Radare2 in version 5.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Radare2 Fedora
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Crossbeam +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Claws Mail Sylpheed +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fetchmail Fedora
NVD
EPSS 73% CVSS 7.1
HIGH PATCH This Week

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Archive Tar Debian Linux +1
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM POC PATCH This Month

This affects the package video.js before 7.14.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Video Js +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Memory Corruption +2
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Mod Auth Openidc +1
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Mod Auth Openidc +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +3
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Apache Mod Auth Openidc +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Suricata Information Disclosure Debian Linux +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mupdf +1
NVD
EPSS 31% CVSS 7.5
HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Redis RCE +3
NVD GitHub
EPSS 8% CVSS 5.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server +6
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.1). No vendor patch available.

Oracle Authentication Bypass Mysql Server +2
NVD
EPSS 3% CVSS 4.4
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server +6
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +2
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +2
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server +4
NVD
EPSS 4% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +6
NVD
EPSS 2% CVSS 2.7
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +2
NVD
EPSS 9% CVSS 5.5
MEDIUM POC PATCH This Month

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Fedora +3
NVD GitHub
EPSS 10% CVSS 7.8
HIGH POC PATCH This Week

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +7
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption +3
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Unicorn Engine +1
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM This Month

libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Information Disclosure +7
NVD GitHub
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

containerd is a container runtime. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Containerd Fedora
NVD GitHub
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

fail2ban is a daemon to ban hosts that cause multiple authentication errors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Command Injection Fail2Ban +1
NVD GitHub
EPSS 7% CVSS 6.5
MEDIUM PATCH This Month

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Varnish Cache +2
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM This Month

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Mbed Tls +2
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Python Pillow +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Nextcloud Server is a Nextcloud package that handles data storage. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Nextcloud Information Disclosure Nextcloud Server +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fossil Fedora
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Nextcloud Server is a Nextcloud package that handles data storage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +16
NVD
EPSS 2% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the ptp4l program of the linuxptp package. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linuxptp Enterprise Linux +1
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in the ptp4l program of the linuxptp package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Linuxptp +6
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple +4
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Apple +4
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Addressable Fedora
NVD GitHub
EPSS 12% CVSS 8.8
HIGH This Week

Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 7% CVSS 8.8
HIGH KEV THREAT This Week

Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki Debian Linux +1
NVD
EPSS 44% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Python Django +1
NVD
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Selinux +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Use After Free Information Disclosure +9
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC PATCH Monitor

The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Djvulibre +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in urllib3 before 1.26.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Urllib3 Fedora +3
NVD GitHub
EPSS 3% CVSS 4.8
MEDIUM This Month

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Dovecot Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Dovecot before 2.3.15 allows ../ Path Traversal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Dovecot Fedora
NVD
Prev Page 21 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy