Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2020-26420 MEDIUM POC PATCH This Month

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2020-26419 MEDIUM POC PATCH This Month

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2020-26418 MEDIUM POC PATCH This Month

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Debian Linux Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.3
EPSS
3.0%
CVE-2020-35132 MEDIUM POC PATCH This Month

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpldapadmin Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2020-27828 HIGH POC PATCH This Week

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Jasper Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-29668 LOW POC PATCH Monitor

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Sympa Fedora Debian Linux
NVD GitHub
CVSS 3.1
3.7
EPSS
2.0%
CVE-2020-16592 MEDIUM POC This Month

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Binutils Ontap Select Deploy Administration Utility +1
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-26257 PyPI MEDIUM PATCH This Month

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-29661 HIGH PATCH This Week

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +11
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2020-29660 MEDIUM POC PATCH This Month

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption Information Disclosure Linux Kernel +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2020-29651 PyPI HIGH PATCH This Week

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Py Fedora Zfs Storage Appliance Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-27918 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption Apple RCE +12
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-25664 MEDIUM POC This Month

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-27818 LOW Monitor

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pngcheck Extra Packages For Enterprise Linux Fedora +1
NVD
CVSS 3.1
3.3
EPSS
1.2%
CVE-2020-29600 CRITICAL POC Act Now

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Awstats Debian Linux Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2020-29562 MEDIUM POC This Month

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Glibc Fedora E Series Santricity Os Controller
NVD
CVSS 3.1
4.8
EPSS
1.5%
CVE-2020-27783 PyPI MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml Software Collections Enterprise Linux +5
NVD
CVSS 3.1
6.1
EPSS
3.9%
CVE-2020-25693 HIGH POC This Week

A flaw was found in CImg in versions prior to 2.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Cimg Fedora
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2020-25649 Maven HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services Oncommand Workflow Automation Service Level Manager +35
NVD GitHub
CVSS 3.1
7.5
EPSS
17.6%
CVE-2020-13584 HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE Webkitgtk Fedora
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2020-15257 Go MEDIUM PATCH This Month

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Kubernetes Microsoft Docker Information Disclosure Containerd +2
NVD GitHub
CVSS 3.1
5.2
EPSS
3.2%
CVE-2020-11867 LOW Monitor

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Audacity Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.5%
CVE-2020-29130 MEDIUM POC This Month

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libslirp Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2020-29129 MEDIUM This Month

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libslirp Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2020-25653 MEDIUM POC PATCH This Month

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. Rated medium severity (CVSS 6.3). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2020-25652 MEDIUM POC PATCH This Month

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25651 MEDIUM POC PATCH This Month

A flaw was found in the SPICE file transfer protocol. Rated medium severity (CVSS 6.4). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2020-29074 HIGH PATCH This Week

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure X11Vnc Fedora Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-25650 MEDIUM POC PATCH This Month

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Spice Vdagent Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-28928 MEDIUM PATCH This Month

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Musl Debian Linux Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-26890 PyPI HIGH PATCH This Week

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.0%
CVE-2020-25660 HIGH This Week

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ceph Ceph Storage Openshift Container Platform Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25725 MEDIUM POC This Month

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Xpdf Fedora
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-20740 HIGH POC PATCH This Week

PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Pdfresurrect Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-20739 MEDIUM POC PATCH This Month

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libvips Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
2.0%
CVE-2020-13671 PHP HIGH KEV PATCH THREAT This Week

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Drupal Fedora
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2020-4788 MEDIUM PATCH This Month

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. Rated medium severity (CVSS 4.7).

IBM Information Disclosure Vios Aix Fedora +3
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2020-28924 Go HIGH POC PATCH This Week

An issue was discovered in Rclone before 1.53.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rclone Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-28949 PHP HIGH POC KEV PATCH THREAT Act Now

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Archive Tar Debian Linux Fedora Drupal
NVD GitHub
CVSS 3.1
7.8
EPSS
84.6%
CVE-2020-28948 PHP HIGH POC PATCH THREAT This Week

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Archive Tar Debian Linux Fedora Drupal
NVD GitHub
CVSS 3.1
7.8
EPSS
47.5%
CVE-2020-28941 MEDIUM PATCH This Month

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Fedora Debian Linux
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-25703 PHP MEDIUM PATCH This Month

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2020-25702 PHP MEDIUM PATCH This Month

In Moodle, it was possible to include JavaScript when re-naming content bank items. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle Fedora
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2020-25701 PHP MEDIUM PATCH This Month

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-25700 PHP MEDIUM PATCH This Month

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Moodle Fedora
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-25699 PHP HIGH PATCH This Week

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-25698 PHP HIGH PATCH This Week

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-8277 HIGH PATCH This Week

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js Fedora Blockchain Platform +5
NVD
CVSS 3.1
7.5
EPSS
54.2%
CVE-2020-28366 Go HIGH PATCH This Week

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Go Fedora Cloud Insights Telegraf Agent +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-28362 Go HIGH PATCH This Week

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Fedora Cloud Insights Telegraf Agent Trident
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-8698 MEDIUM This Month

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode Clustered Data Ontap Hci Compute Node Bios +14
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-8696 MEDIUM This Month

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode Clustered Data Ontap Hcl Compute Node Bios +4
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8695 MEDIUM This Month

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Core I7 8510Y Firmware Core I7 8500Y Firmware Core I5 8310Y Firmware +298
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25658 PyPI MEDIUM POC PATCH This Month

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa Openstack Platform Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
1.6%
CVE-2020-28368 MEDIUM PATCH This Month

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xen Fedora Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-0452 CRITICAL PATCH Act Now

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android +1
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2020-28196 HIGH PATCH This Week

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5 Fedora Active Iq Unified Manager Cloud Backup +7
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-26892 Go CRITICAL PATCH Act Now

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Nats Server Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-26521 Go HIGH PATCH This Week

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Nats Server Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-16846 PyPI CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salt Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2020-28242 MEDIUM This Month

An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Certified Asterisk Asterisk Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-28241 MEDIUM POC PATCH This Month

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libmaxminddb Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-28049 MEDIUM POC This Month

An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Sddm Leap Debian Linux +1
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2020-8037 HIGH PATCH This Week

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Tcpdump Debian Linux Fedora Mac Os X +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-6557 MEDIUM This Month

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-16009 NuGet HIGH POC KEV PATCH THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Cefsharp Chrome +6
NVD
CVSS 3.1
8.8
EPSS
48.6%
CVE-2020-16008 HIGH This Week

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-16006 HIGH This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-16005 HIGH This Week

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Leap +2
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-16004 HIGH This Week

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-16003 HIGH POC This Week

Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-16002 HIGH POC This Week

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-16001 HIGH POC This Week

Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-16000 HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-15999 NuGet CRITICAL POC KEV PATCH THREAT Act Now

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Freetype +4
NVD
CVSS 3.1
9.6
EPSS
50.6%
CVE-2020-15995 HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-15992 HIGH POC This Week

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Debian Linux Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15991 HIGH This Week

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15990 HIGH This Week

Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15989 MEDIUM PATCH This Month

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Chrome Fedora Backports Sle +1
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-15988 MEDIUM This Month

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Microsoft Chrome Fedora +2
NVD
CVSS 3.1
6.3
EPSS
1.2%
CVE-2020-15987 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-15986 MEDIUM This Month

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15985 MEDIUM POC This Month

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-15984 MEDIUM This Month

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Chrome Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15983 HIGH This Week

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15982 MEDIUM This Month

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-15981 MEDIUM This Month

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-15980 HIGH This Week

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Backports Sle Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 3% CVSS 5.3
MEDIUM POC PATCH This Month

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +1
NVD
EPSS 3% CVSS 5.3
MEDIUM POC PATCH This Month

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +1
NVD
EPSS 3% CVSS 5.3
MEDIUM POC PATCH This Month

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +2
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpldapadmin +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Jasper Fedora
NVD GitHub
EPSS 2% CVSS 3.7
LOW POC PATCH Monitor

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Authentication Bypass Sympa Fedora +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Matrix is an ecosystem for open federated Instant Messaging and VoIP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Denial Of Service Synapse +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption +13
NVD
EPSS 0% CVSS 4.4
MEDIUM POC PATCH This Month

A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Linux Memory Corruption +12
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Py +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Memory Corruption +14
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 1% CVSS 3.3
LOW Monitor

A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Pngcheck +3
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Awstats Debian Linux +1
NVD GitHub
EPSS 2% CVSS 4.8
MEDIUM POC This Month

The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Glibc Fedora +1
NVD
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

A XSS vulnerability was discovered in python-lxml's clean module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Python Lxml +7
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

A flaw was found in CImg in versions prior to 2.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Cimg +1
NVD
EPSS 18% CVSS 7.5
HIGH PATCH This Week

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Jackson Databind Oncommand Api Services +37
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption RCE +2
NVD
EPSS 3% CVSS 5.2
MEDIUM PATCH This Month

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Kubernetes Microsoft Docker +4
NVD GitHub
EPSS 0% CVSS 3.3
LOW Monitor

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Audacity Fedora
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM POC This Month

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Libslirp +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libslirp +2
NVD
EPSS 0% CVSS 6.3
MEDIUM POC PATCH This Month

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. Rated medium severity (CVSS 6.3). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Spice Vdagent Debian Linux +1
NVD
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

A flaw was found in the SPICE file transfer protocol. Rated medium severity (CVSS 6.4). Public exploit code available.

Race Condition Denial Of Service Spice Vdagent +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure X11Vnc Fedora +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Spice Vdagent Debian Linux +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Musl +3
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Synapse Fedora
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ceph Ceph Storage +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version(). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Pdfresurrect +2
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libvips Debian Linux +1
NVD GitHub
EPSS 4% CVSS 8.8
HIGH KEV PATCH THREAT This Week

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Drupal +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. Rated medium severity (CVSS 4.7).

IBM Information Disclosure Vios +5
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Rclone before 1.53.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rclone Fedora
NVD GitHub
EPSS 85% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Archive Tar Debian Linux +2
NVD GitHub
EPSS 47% CVSS 7.8
HIGH POC PATCH THREAT This Week

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Archive Tar Debian Linux +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +2
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle Fedora
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

In Moodle, it was possible to include JavaScript when re-naming content bank items. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moodle Fedora
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Moodle Fedora
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Moodle Fedora
NVD
EPSS 54% CVSS 7.5
HIGH PATCH This Week

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Node Js +7
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Go +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Fedora +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode +16
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Microcode +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Core I7 8510Y Firmware +300
NVD
EPSS 2% CVSS 5.9
MEDIUM POC PATCH This Month

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Python Information Disclosure Python Rsa +2
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Xen Fedora +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Kerberos 5 Fedora +9
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Nats Server Fedora
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Nats Server +1
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salt Debian Linux +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Certified Asterisk Asterisk +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libmaxminddb +2
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Sddm +3
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Tcpdump Debian Linux +3
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +3
NVD
EPSS 49% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +6
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +4
NVD
EPSS 51% CVSS 9.6
CRITICAL POC KEV PATCH THREAT Act Now

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Insufficient policy enforcement in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Google Information Disclosure Chrome +3
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 86.0.4240.75 allowed a remote attacker who convinced the user to open files to execute arbitrary code via a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Microsoft +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +5
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 86.0.4240.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient data validation in webUI in Google Chrome on ChromeOS prior to 86.0.4240.75 allowed a local attacker to bypass content security policy via a crafted HTML page. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in cache in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Information Disclosure +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 86.0.4240.75 allowed a local attacker to bypass navigation restrictions via crafted Intents. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +3
NVD
Prev Page 28 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy