Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2021-23336 MEDIUM POC PATCH THREAT This Month

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Request Smuggling Python Information Disclosure Fedora Debian Linux +9
NVD GitHub
CVSS 3.1
5.9
EPSS
36.0%
CVE-2021-22881 Ruby MEDIUM POC PATCH THREAT This Month

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Rails Fedora
NVD
CVSS 3.1
6.1
EPSS
87.3%
CVE-2021-22880 Ruby HIGH POC PATCH This Week

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PostgreSQL Denial Of Service Rails Fedora
NVD
CVSS 3.1
7.5
EPSS
4.4%
CVE-2021-0326 HIGH PATCH This Week

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android +2
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2021-27135 CRITICAL PATCH Act Now

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Denial Of Service Xterm Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
7.5%
CVE-2021-26937 CRITICAL POC Act Now

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Screen Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
9.1%
CVE-2021-21148 HIGH KEV THREAT This Week

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
19.8%
CVE-2021-21147 MEDIUM This Month

Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-21146 CRITICAL Act Now

Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-21145 HIGH This Week

Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-21144 HIGH This Week

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-21143 HIGH This Week

Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-21142 CRITICAL Act Now

Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-26925 MEDIUM PATCH This Month

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmail Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-21289 Ruby HIGH PATCH This Week

Mechanize is an open-source ruby library that makes automated web interaction easy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mechanize Fedora Debian Linux
NVD GitHub
CVSS 3.1
8.3
EPSS
3.5%
CVE-2021-3281 PyPI MEDIUM PATCH This Month

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django Fedora Snapcenter
NVD
CVSS 3.1
5.3
EPSS
7.6%
CVE-2021-3347 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel through 5.10.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-3325 CRITICAL POC PATCH Act Now

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Monitorix Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-3272 MEDIUM POC This Month

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jasper Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-3156 HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo Fedora Debian Linux +21
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
99.3%
CVE-2021-3308 MEDIUM PATCH This Month

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-3115 Go HIGH PATCH This Week

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Command Injection RCE Go Fedora +2
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2021-3114 Go MEDIUM PATCH This Month

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Fedora Debian Linux Cloud Insights Telegraf Agent +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2021-2022 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.1
4.4
EPSS
1.9%
CVE-2021-2021 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
10.1%
CVE-2021-2020 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2021-2019 LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
2.7
EPSS
1.6%
CVE-2021-2016 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2021-2012 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.3%
CVE-2021-2011 MEDIUM This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
5.9
EPSS
3.0%
CVE-2021-2010 MEDIUM This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Active Iq Unified Manager +2
NVD
CVSS 3.1
4.2
EPSS
1.4%
CVE-2021-2009 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2021-2007 LOW Monitor

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass MySQL Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
3.7
EPSS
2.3%
CVE-2021-2006 MEDIUM This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Active Iq Unified Manager +2
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-2002 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2021-2001 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
2.2%
CVE-2021-1998 LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
3.8
EPSS
1.6%
CVE-2021-3181 MEDIUM PATCH This Month

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Mutt Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2021-3178 MEDIUM PATCH This Month

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Linux Path Traversal Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2021-3177 CRITICAL POC PATCH THREAT Act Now

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python RCE Fedora Active Iq Unified Manager +7
NVD GitHub
CVSS 3.1
9.8
EPSS
23.3%
CVE-2021-1723 NuGet HIGH PATCH This Week

ASP.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Asp Net Core Visual Studio 2019 Fedora
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2021-23240 HIGH POC This Week

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Hci Management Node Solidfire Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-23239 LOW POC Monitor

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Sudo Cloud Backup Hci Management Node Solidfire +2
NVD
CVSS 3.1
2.5
EPSS
1.0%
CVE-2021-21116 HIGH This Week

Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21115 CRITICAL Act Now

User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google Information Disclosure Chrome +2
NVD
CVSS 3.1
9.6
EPSS
1.4%
CVE-2021-21114 HIGH This Week

Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21113 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21112 HIGH This Week

Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-21111 CRITICAL Act Now

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Fedora Debian Linux
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-21110 CRITICAL Act Now

Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
3.1%
CVE-2021-21109 CRITICAL Act Now

Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2021-21108 CRITICAL Act Now

Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
1.3%
CVE-2021-21107 CRITICAL Act Now

Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2021-21106 CRITICAL Act Now

Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
9.6
EPSS
2.2%
CVE-2020-35884 Cargo MEDIUM PATCH This Month

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Tiny Http Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-35730 MEDIUM KEV PATCH THREAT This Month

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
32.8%
CVE-2020-35738 MEDIUM POC This Month

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Wavpack Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-35376 HIGH POC This Week

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xpdf Fedora
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-29385 MEDIUM PATCH This Month

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Gdk Pixbuf Ubuntu Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2020-35680 HIGH PATCH This Week

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Opensmtpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2020-35679 HIGH PATCH This Week

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensmtpd Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2020-27846 Go CRITICAL POC PATCH Act Now

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Grafana Saml Openshift Container Platform Openshift Service Mesh +2
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2020-27781 HIGH This Week

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ceph Ceph Storage Openshift Container Platform Openstack Platform +1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-35480 MEDIUM This Month

An issue was discovered in MediaWiki before 1.35.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-35479 MEDIUM POC This Month

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2020-35478 MEDIUM POC This Month

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-35477 MEDIUM POC This Month

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-35475 HIGH This Week

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-35474 MEDIUM POC This Month

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-26259 Maven MEDIUM POC PATCH THREAT This Month

XStream is a Java library to serialize objects to XML and back again. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java Command Injection Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
6.8
EPSS
82.4%
CVE-2020-26258 Maven HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Struts Xstream Debian Linux +1
NVD GitHub
CVSS 3.1
7.7
EPSS
82.2%
CVE-2020-35381 Go HIGH POC PATCH This Week

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jsonparser Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2020-29486 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2020-29485 MEDIUM PATCH This Month

An issue was discovered in Xen 4.6 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-29484 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2020-29483 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Xen Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-29482 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2020-29481 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-29480 LOW PATCH Monitor

An issue was discovered in Xen through 4.14.x. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Xen Debian Linux Fedora
NVD
CVSS 3.1
2.3
EPSS
0.3%
CVE-2020-29479 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Denial Of Service Authentication Bypass Xen Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-29571 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2020-29570 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2020-29567 MEDIUM PATCH This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Fedora
NVD
CVSS 3.1
6.2
EPSS
0.4%
CVE-2020-29566 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-0499 MEDIUM This Month

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Android Debian Linux +1
NVD
CVSS 3.1
4.3
EPSS
4.0%
CVE-2020-8286 HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Clustered Data Ontap +13
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-8285 HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux Fedora Clustered Data Ontap +19
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8284 LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +19
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2020-35176 MEDIUM This Month

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-26421 MEDIUM POC PATCH This Month

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure Wireshark Fedora +2
NVD
CVSS 3.1
5.3
EPSS
2.6%
EPSS 36% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Request Smuggling Python Information Disclosure +11
NVD GitHub
EPSS 87% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Rails Fedora
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PostgreSQL Denial Of Service Rails +1
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +4
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Denial Of Service Xterm +2
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Screen Debian Linux +1
NVD
EPSS 20% CVSS 8.8
HIGH KEV THREAT This Week

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmail Fedora
NVD GitHub
EPSS 4% CVSS 8.3
HIGH PATCH This Week

Mechanize is an open-source ruby library that makes automated web interaction easy. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mechanize Fedora +1
NVD GitHub
EPSS 8% CVSS 5.3
MEDIUM PATCH This Month

In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in the Linux kernel through 5.10.11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption +4
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i.e., an installation without a hosts_deny option). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Monitorix Fedora
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jasper +1
NVD GitHub
EPSS 99% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo +23
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Fedora
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Command Injection RCE +4
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Fedora +3
NVD GitHub
EPSS 2% CVSS 4.4
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle MySQL +5
NVD
EPSS 10% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 2.7
LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 3% CVSS 5.9
MEDIUM This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle MySQL +5
NVD
EPSS 1% CVSS 4.2
MEDIUM This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass MySQL +5
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 3% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +4
NVD
EPSS 2% CVSS 3.8
LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL +5
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Mutt Debian Linux +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Linux Path Traversal Linux Kernel +2
NVD
EPSS 23% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Python RCE +9
NVD GitHub
EPSS 5% CVSS 7.5
HIGH PATCH This Week

ASP.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Asp Net Core Visual Studio 2019 +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Hci Management Node +2
NVD
EPSS 1% CVSS 2.5
LOW POC Monitor

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Sudo Cloud Backup +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Google +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome +2
NVD
EPSS 3% CVSS 9.6
CRITICAL Act Now

Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 2% CVSS 9.6
CRITICAL Act Now

Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Tiny Http +1
NVD
EPSS 33% CVSS 6.1
MEDIUM KEV PATCH THREAT This Month

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Webmail +2
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Wavpack +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Xpdf +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Gdk Pixbuf Ubuntu Linux +1
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Opensmtpd +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensmtpd Fedora
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

A signature verification vulnerability exists in crewjam/saml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Grafana Saml +4
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ceph Ceph Storage +3
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

An issue was discovered in MediaWiki before 1.35.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki Debian Linux +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mediawiki +2
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Mediawiki +1
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki Debian Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Debian Linux +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
EPSS 82% CVSS 6.8
MEDIUM POC PATCH THREAT This Month

XStream is a Java library to serialize objects to XML and back again. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java Command Injection Struts +3
NVD GitHub
EPSS 82% CVSS 7.7
HIGH POC PATCH THREAT This Week

XStream is a Java library to serialize objects to XML and back again. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SSRF Struts +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jsonparser Fedora
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen 4.6 through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Information Disclosure Xen Debian Linux +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Xen Debian Linux +1
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

An issue was discovered in Xen through 4.14.x. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure Xen +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Denial Of Service Authentication Bypass Xen +2
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Xen +2
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Xen Fedora
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xen Debian Linux +1
NVD
EPSS 4% CVSS 4.3
MEDIUM This Month

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure +3
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux +21
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora +21
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Awstats Debian Linux +1
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC PATCH This Month

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Information Disclosure +4
NVD
Prev Page 27 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy