Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2021-20246 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20245 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20244 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-21190 HIGH POC This Week

Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21189 MEDIUM This Month

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21188 HIGH POC This Week

Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21187 MEDIUM This Month

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21186 MEDIUM This Month

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass Chrome Fedora +1
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-21185 MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2021-21184 MEDIUM POC This Month

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-21183 MEDIUM POC This Month

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21182 MEDIUM POC This Month

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-21181 MEDIUM This Month

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21180 HIGH POC This Week

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21179 HIGH POC This Week

Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21178 MEDIUM PATCH This Month

Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21177 MEDIUM POC THREAT This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
17.3%
CVE-2021-21176 MEDIUM POC This Month

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-21175 MEDIUM POC This Month

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21174 HIGH POC This Week

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21173 MEDIUM PATCH This Month

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21172 HIGH POC This Week

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Authentication Bypass Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2021-21171 MEDIUM POC This Month

Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-21170 MEDIUM POC This Month

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21169 HIGH POC This Week

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21168 MEDIUM POC This Month

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-21167 HIGH POC This Week

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21166 HIGH KEV THREAT This Week

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Race Condition Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
26.5%
CVE-2021-21165 HIGH POC This Week

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Race Condition Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21164 MEDIUM This Month

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21163 MEDIUM This Month

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21162 HIGH POC This Week

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21161 HIGH POC This Week

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21160 HIGH POC This Week

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-21159 HIGH POC This Week

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-23351 Go MEDIUM PATCH This Month

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Go Proxyproto Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-3420 CRITICAL PATCH Act Now

A flaw was found in newlib in versions prior to 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Newlib Fedora
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-28041 HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh Fedora Cloud Backup +6
NVD GitHub
CVSS 3.1
7.1
EPSS
3.4%
CVE-2021-3404 HIGH POC This Week

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ytnef Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2021-3403 HIGH POC This Week

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Ytnef Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-22884 HIGH POC PATCH THREAT This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Authentication Bypass Node Js Fedora Active Iq Unified Manager +10
NVD
CVSS 3.1
7.5
EPSS
32.4%
CVE-2021-22883 HIGH PATCH This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js Fedora E Series Performance Analyzer +6
NVD
CVSS 3.1
7.5
EPSS
77.4%
CVE-2021-22878 MEDIUM POC PATCH This Month

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
1.1%
CVE-2021-22877 MEDIUM POC PATCH This Month

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-20233 HIGH PATCH This Week

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Grub2 Enterprise Linux Enterprise Linux Server Aus +5
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2021-20225 MEDIUM This Month

A flaw was found in grub2 in versions prior to 2.06. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Grub2 Enterprise Linux Enterprise Linux Server Aus +5
NVD
CVSS 3.1
6.7
EPSS
1.0%
CVE-2021-26813 PyPI HIGH POC PATCH This Week

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Markdown2 Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-27923 PyPI HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-27922 PyPI HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2021-27921 PyPI HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-3197 PyPI CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
72.3%
CVE-2021-3148 PyPI CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-3144 PyPI CRITICAL PATCH Act Now

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
5.2%
CVE-2021-25284 PyPI MEDIUM PATCH This Month

An issue was discovered in through SaltStack Salt before 3002.5. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2021-25283 PyPI CRITICAL PATCH Act Now

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
10.4%
CVE-2021-25282 PyPI CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.1
EPSS
92.3%
CVE-2021-25281 PyPI CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
72.9%
CVE-2021-27803 HIGH PATCH This Week

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

RCE Denial Of Service Wpa Supplicant Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-21274 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-21273 PyPI MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-21330 PyPI MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Aiohttp Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-26701 NuGet HIGH PATCH This Week

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Net Net Core Powershell Core Visual Studio 2019 +1
NVD
CVSS 3.1
8.1
EPSS
30.3%
CVE-2021-3406 CRITICAL Act Now

A flaw was found in keylime 5.8.1 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Keylime Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-20203 LOW POC PATCH Monitor

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Qemu Fedora Debian Linux
NVD
CVSS 3.1
3.2
EPSS
0.6%
CVE-2021-27645 LOW PATCH Monitor

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting. Rated low severity (CVSS 2.5).

Denial Of Service Glibc Fedora Debian Linux
NVD
CVSS 3.1
2.5
EPSS
0.4%
CVE-2021-3410 HIGH POC This Week

A flaw was found in libcaca v0.99.beta19. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libcaca Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-3407 MEDIUM This Month

A flaw was found in mupdf 1.18.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mupdf Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
50.2%
CVE-2021-3405 MEDIUM POC This Month

A flaw was found in libebml before 1.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libebml Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-26927 MEDIUM POC PATCH This Month

A flaw was found in jasper before 2.0.25. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-20247 HIGH POC This Week

A flaw was found in mbsync before v1.3.5 and v1.4.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mbsync Extra Packages For Enterprise Linux Debian Linux Fedora
NVD
CVSS 3.1
7.4
EPSS
1.9%
CVE-2021-26926 HIGH POC PATCH This Week

A flaw was found in jasper before 2.0.25. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Jasper Fedora
NVD GitHub
CVSS 3.1
7.1
EPSS
1.2%
CVE-2021-20229 MEDIUM This Month

A flaw was found in PostgreSQL in versions before 13.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21157 HIGH POC This Week

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Edge +3
NVD
CVSS 3.1
8.8
EPSS
9.5%
CVE-2021-21156 HIGH This Week

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-21155 CRITICAL POC Act Now

Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2021-21154 CRITICAL POC Act Now

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
9.6
EPSS
1.4%
CVE-2021-21153 HIGH POC This Week

Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21152 HIGH POC This Week

Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21151 CRITICAL POC Act Now

Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-21150 CRITICAL POC Act Now

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Memory Corruption Use After Free Denial Of Service +2
NVD
CVSS 3.1
9.6
EPSS
1.2%
CVE-2021-21149 HIGH POC This Week

Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-22174 HIGH POC PATCH This Week

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-22173 HIGH POC PATCH This Week

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-26934 HIGH PATCH This Week

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26933 MEDIUM PATCH This Month

An issue was discovered in Xen 4.9 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-26932 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-26931 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-26930 HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27219 HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-27218 HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora Active Iq Unified Manager Cloud Backup +3
NVD
CVSS 3.1
7.5
EPSS
4.1%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass +3
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure +3
NVD
EPSS 17% CVSS 6.5
MEDIUM POC THREAT This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome +2
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Authentication Bypass +3
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 27% CVSS 8.8
HIGH KEV THREAT This Week

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Race Condition +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Race Condition +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Buffer Overflow Memory Corruption +4
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Go Proxyproto Fedora
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in newlib in versions prior to 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Newlib +1
NVD
EPSS 3% CVSS 7.1
HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh +8
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Ytnef +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +3
NVD GitHub
EPSS 32% CVSS 7.5
HIGH POC PATCH THREAT This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Node.js Authentication Bypass Node Js +12
NVD
EPSS 77% CVSS 7.5
HIGH PATCH This Week

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js +8
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud XSS Nextcloud Server +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Authentication Bypass Nextcloud Server +1
NVD GitHub
EPSS 1% CVSS 8.2
HIGH PATCH This Week

A flaw was found in grub2 in versions prior to 2.06. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Grub2 +7
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

A flaw was found in grub2 in versions prior to 2.06. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Grub2 +7
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Markdown2 Fedora
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Pillow before 8.1.2 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pillow Fedora
NVD
EPSS 72% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Salt Fedora +1
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Salt Fedora +1
NVD GitHub
EPSS 5% CVSS 9.1
CRITICAL PATCH Act Now

In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora +1
NVD GitHub
EPSS 1% CVSS 4.4
MEDIUM PATCH This Month

An issue was discovered in through SaltStack Salt before 3002.5. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Salt Fedora +1
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Salt +2
NVD GitHub
EPSS 92% CVSS 9.1
CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Salt Fedora +1
NVD GitHub
EPSS 73% CVSS 9.8
CRITICAL POC PATCH THREAT Emergency

An issue was discovered in through SaltStack Salt before 3002.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Salt Fedora +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

RCE Denial Of Service Wpa Supplicant +2
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Synapse +1
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Aiohttp +2
NVD GitHub
EPSS 30% CVSS 8.1
HIGH PATCH This Week

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Net Net Core +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A flaw was found in keylime 5.8.1 and older. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Keylime +1
NVD GitHub
EPSS 1% CVSS 3.2
LOW POC PATCH Monitor

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Qemu +2
NVD
EPSS 0% CVSS 2.5
LOW PATCH Monitor

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting. Rated low severity (CVSS 2.5).

Denial Of Service Glibc Fedora +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A flaw was found in libcaca v0.99.beta19. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Libcaca +2
NVD GitHub
EPSS 50% CVSS 5.5
MEDIUM This Month

A flaw was found in mupdf 1.18.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mupdf Fedora +1
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

A flaw was found in libebml before 1.4.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Libebml +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

A flaw was found in jasper before 2.0.25. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jasper +1
NVD GitHub
EPSS 2% CVSS 7.4
HIGH POC This Week

A flaw was found in mbsync before v1.3.5 and v1.4.1. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Mbsync Extra Packages For Enterprise Linux +2
NVD
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

A flaw was found in jasper before 2.0.25. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Jasper +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

A flaw was found in PostgreSQL in versions before 13.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Software Collections +2
NVD
EPSS 9% CVSS 8.8
HIGH POC This Week

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +5
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Memory Corruption +3
NVD
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 9.6
CRITICAL POC Act Now

Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Microsoft Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +1
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen 4.9 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Xen Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +7
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Linux Denial Of Service Linux Kernel +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glib Fedora +5
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Glib Fedora +5
NVD
Prev Page 26 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy