Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2021-28677 PyPI HIGH PATCH This Week

An issue was discovered in Pillow before 8.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-28676 PyPI HIGH PATCH This Week

An issue was discovered in Pillow before 8.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pillow Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-25288 PyPI CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2021-25287 PyPI CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-28675 PyPI MEDIUM PATCH This Month

An issue was discovered in Pillow before 8.2.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pillow Fedora
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-3543 MEDIUM This Month

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Nitro Enclaves Enterprise Linux +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-3516 HIGH POC PATCH This Week

There's a flaw in libxml2's xmllint in versions before 2.9.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Xmllint Debian Linux +7
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2021-23017 HIGH POC PATCH THREAT This Week

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Nginx Denial Of Service Openresty Fedora Ontap Select Deploy Administration Utility +9
NVD Exploit-DB
CVSS 3.1
7.7
EPSS
53.5%
CVE-2021-29505 Maven HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java Xstream Debian Linux +15
NVD GitHub
CVSS 3.1
8.8
EPSS
77.7%
CVE-2021-32642 CRITICAL Act Now

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Radsecproxy Fedora
NVD GitHub
CVSS 3.1
9.4
EPSS
1.3%
CVE-2021-33620 MEDIUM PATCH This Month

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Squid Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
79.6%
CVE-2021-20292 MEDIUM PATCH This Month

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Privilege Escalation Memory Corruption Linux Kernel +3
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2021-20240 HIGH PATCH This Week

A flaw was found in gdk-pixbuf in versions before 2.42.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Gdk Pixbuf Fedora
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-20239 LOW Monitor

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-20236 CRITICAL PATCH Act Now

A flaw was found in the ZeroMQ server in versions before 4.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zeromq Ceph Storage Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-31808 MEDIUM POC PATCH This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Squid Debian Linux Cloud Manager +1
NVD GitHub
CVSS 3.1
6.5
EPSS
5.5%
CVE-2021-33200 HIGH PATCH This Week

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Privilege Escalation Memory Corruption Linux Kernel +11
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-31806 MEDIUM POC PATCH THREAT This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux Fedora Cloud Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
95.8%
CVE-2021-31535 CRITICAL POC THREAT Act Now

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libx11 X Window System Fedora
NVD
CVSS 3.1
9.8
EPSS
10.6%
CVE-2021-31525 Go MEDIUM PATCH This Month

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Go Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
3.7%
CVE-2021-30465 Go HIGH PATCH This Week

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Microsoft Path Traversal Race Condition Runc Fedora
NVD GitHub
CVSS 3.1
8.5
EPSS
6.6%
CVE-2021-28662 MEDIUM PATCH This Month

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
71.9%
CVE-2021-28652 MEDIUM POC PATCH This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
4.3%
CVE-2021-28651 HIGH POC PATCH This Week

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux Fedora Cloud Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
7.4%
CVE-2021-30501 MEDIUM POC PATCH This Month

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Upx Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-30500 HIGH POC PATCH This Week

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference RCE Denial Of Service Upx Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-30499 HIGH POC This Week

A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-3561 HIGH POC PATCH This Week

An Out of Bounds flaw was found fig2dev version 3.2.8a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Fig2Dev Fedora Debian Linux
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2021-30498 HIGH POC This Week

A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libcaca Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-30471 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30470 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-30469 MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Podofo Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-25217 HIGH POC PATCH This Week

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Dhcp Fedora Debian Linux Ruggedcom Rox Rx1400 Firmware +12
NVD
CVSS 3.1
7.4
EPSS
6.1%
CVE-2021-20297 MEDIUM PATCH This Month

A flaw was found in NetworkManager in versions before 1.30.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Networkmanager Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-33194 Go HIGH PATCH This Week

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Go Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
7.3%
CVE-2021-20178 PyPI MEDIUM PATCH This Month

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Tower Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-22543 HIGH POC This Week

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. Rated high severity (CVSS 8.7). Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Kernel Fedora Debian Linux +10
NVD GitHub
CVSS 4.0
8.7
EPSS
0.7%
CVE-2021-31924 MEDIUM This Month

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pam U2F Fedora
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-33574 CRITICAL POC Act Now

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Glibc Fedora +11
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-33477 HIGH POC PATCH This Week

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Eterm Mrxvt Rxvt Unicode Rxvt +2
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-3480 HIGH PATCH This Week

A flaw was found in slapi-nis in versions before 0.56.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Slapi Nis Fedora
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-3426 MEDIUM PATCH This Month

There's a flaw in Python 3's pydoc. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Fedora Debian Linux Software Collections +6
NVD
CVSS 3.1
5.7
EPSS
1.9%
CVE-2021-20718 HIGH This Week

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mod Auth Openidc Fedora Essbase
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-3517 Ruby HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 Jboss Core Services Enterprise Linux +25
NVD
CVSS 3.1
8.6
EPSS
8.3%
CVE-2021-3445 HIGH This Week

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jwt Attack Libdnf Fedora Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-3421 MEDIUM PATCH This Month

A flaw was found in the RPM package in the read functionality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Rpm Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-3531 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Red Hat Ceph Ceph Storage Fedora
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-3518 Ruby HIGH PATCH This Week

There's a flaw in libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Libxml2 Debian Linux +16
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2021-32617 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-3524 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Ceph Ceph Storage Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-33034 HIGH POC PATCH This Week

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-3402 CRITICAL POC Act Now

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service Information Disclosure Yara +1
NVD
CVSS 3.1
9.1
EPSS
2.2%
CVE-2021-3537 Ruby MEDIUM PATCH This Month

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxml2 Jboss Core Services Enterprise Linux +16
NVD
CVSS 3.1
5.9
EPSS
3.5%
CVE-2021-32613 MEDIUM POC PATCH This Month

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure Radare2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-29510 PyPI HIGH PATCH This Week

Pydantic is a data validation and settings management using Python type hinting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Pydantic Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29623 LOW PATCH Monitor

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
1.1%
CVE-2021-32921 MEDIUM This Month

An issue was discovered in Prosody before 0.11.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Prosody Fedora Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2021-32920 HIGH This Week

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-32919 HIGH This Week

An issue was discovered in Prosody before 0.11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-32918 HIGH This Week

An issue was discovered in Prosody before 0.11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-32917 MEDIUM This Month

An issue was discovered in Prosody before 0.11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Prosody Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-21424 PHP MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Symfony Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-31215 HIGH This Week

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-23134 HIGH PATCH This Week

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Linux Memory Corruption Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-20277 HIGH This Week

A flaw was found in Samba's libldb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samba Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-3504 MEDIUM PATCH This Month

A flaw was found in the hivex library in versions before 1.3.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure Hivex Enterprise Linux +2
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2021-32606 HIGH PATCH This Week

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Privilege Escalation Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-31204 HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Net Core Visual Studio 2019 Fedora
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2021-29471 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-32056 MEDIUM PATCH This Month

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass Imap Fedora
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-21419 PyPI MEDIUM PATCH This Month

Eventlet is a concurrent networking library for Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Eventlet Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-32052 PyPI MEDIUM PATCH This Month

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Django Fedora
NVD
CVSS 3.1
6.1
EPSS
3.1%
CVE-2021-31829 MEDIUM PATCH This Month

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Linux Authentication Bypass Linux Kernel Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-30473 CRITICAL PATCH Act Now

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Aomedia Fedora
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20204 CRITICAL Act Now

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Privilege Escalation Getdata +2
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-3501 HIGH PATCH This Week

A flaw was found in the Linux kernel in versions before 5.12. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux +17
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-32062 MEDIUM This Month

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mapserver Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-31542 PyPI HIGH PATCH This Week

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
5.3%
CVE-2021-20254 MEDIUM This Month

A flaw was found in samba. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Samba Fedora +2
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2021-31800 PyPI CRITICAL PATCH Act Now

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Impacket Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
19.3%
CVE-2021-25317 LOW Monitor

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cups Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-29478 HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2021-29477 HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-21233 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21232 HIGH This Week

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21231 HIGH This Week

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21230 HIGH This Week

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21229 MEDIUM This Month

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21228 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-21227 HIGH This Week

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Pillow before 8.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pillow Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Pillow before 8.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pillow Fedora
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow +1
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Pillow before 8.2.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pillow Fedora
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

There's a flaw in libxml2's xmllint in versions before 2.9.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure +9
NVD
EPSS 53% CVSS 7.7
HIGH POC PATCH THREAT This Week

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Nginx Denial Of Service Openresty +11
NVD Exploit-DB
EPSS 78% CVSS 8.8
HIGH POC PATCH THREAT This Week

XStream is software for serializing Java objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Java +17
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL Act Now

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Radsecproxy +1
NVD GitHub
EPSS 80% CVSS 6.5
MEDIUM PATCH This Month

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Squid Fedora +1
NVD GitHub
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Privilege Escalation +5
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A flaw was found in gdk-pixbuf in versions before 2.42.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Gdk Pixbuf +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in the ZeroMQ server in versions before 4.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zeromq Ceph Storage +2
NVD GitHub
EPSS 5% CVSS 6.5
MEDIUM POC PATCH This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Squid +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Privilege Escalation +13
NVD
EPSS 96% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux +2
NVD GitHub
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Act Now

LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libx11 +2
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Go Fedora
NVD GitHub
EPSS 7% CVSS 8.5
HIGH PATCH This Week

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Microsoft Path Traversal Race Condition +2
NVD GitHub
EPSS 72% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux +1
NVD GitHub
EPSS 4% CVSS 4.9
MEDIUM POC PATCH This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux +1
NVD GitHub
EPSS 7% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Upx Enterprise Linux +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference RCE Denial Of Service +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libcaca Fedora
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

An Out of Bounds flaw was found fig2dev version 3.2.8a. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Fig2Dev Fedora +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A flaw was found in libcaca. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libcaca +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo Enterprise Linux +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Podofo Enterprise Linux +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A flaw was found in PoDoFo 0.9.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 6% CVSS 7.4
HIGH POC PATCH This Week

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Dhcp Fedora +14
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in NetworkManager in versions before 1.30.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Networkmanager Openshift Container Platform +2
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Go Fedora
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Ansible Tower +1
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC This Week

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. Rated high severity (CVSS 8.7). Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Kernel +12
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pam U2F Fedora
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +13
NVD
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Eterm Mrxvt +4
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in slapi-nis in versions before 0.56.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Slapi Nis +1
NVD
EPSS 2% CVSS 5.7
MEDIUM PATCH This Month

There's a flaw in Python 3's pydoc. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Fedora +8
NVD
EPSS 3% CVSS 7.5
HIGH This Week

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mod Auth Openidc Fedora +1
NVD GitHub
EPSS 8% CVSS 8.6
HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 +27
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Jwt Attack Libdnf +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the RPM package in the read functionality. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Rpm +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Red Hat Ceph +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

There's a flaw in libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure +18
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Exiv2 Fedora
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat Code Injection Ceph +3
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption +4
NVD
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Denial Of Service +3
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxml2 +18
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Memory Corruption Information Disclosure +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Pydantic is a data validation and settings management using Python type hinting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Pydantic +1
NVD GitHub
EPSS 1% CVSS 3.3
LOW PATCH Monitor

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Exiv2 Fedora
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM This Month

An issue was discovered in Prosody before 0.11.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Prosody +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosody Debian Linux +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Prosody before 0.11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosody Debian Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in Prosody before 0.11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Prosody Debian Linux +1
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

An issue was discovered in Prosody before 0.11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Prosody Debian Linux +1
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Symfony +1
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Slurm Fedora +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Linux Memory Corruption +4
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A flaw was found in Samba's libldb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samba +2
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in the hivex library in versions before 1.3.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Privilege Escalation +3
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Net Core +2
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse +1
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass Imap Fedora
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Eventlet is a concurrent networking library for Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Denial Of Service Eventlet +1
NVD GitHub
EPSS 3% CVSS 6.1
MEDIUM PATCH This Month

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Django +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Linux Authentication Bypass Linux Kernel +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Aomedia Fedora
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE +4
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in the Linux kernel in versions before 5.12. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption +19
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mapserver Fedora
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django +2
NVD GitHub
EPSS 2% CVSS 6.8
MEDIUM This Month

A flaw was found in samba. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +4
NVD
EPSS 19% CVSS 9.8
CRITICAL PATCH Act Now

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Impacket +1
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cups Fedora
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis Integer Overflow RCE +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
Prev Page 23 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy