Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2024-1062 MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service 389 Directory Server Directory Server +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-1151 MEDIUM PATCH This Month

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Linux Debian Linux Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-1312 MEDIUM PATCH This Month

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. Rated medium severity (CVSS 4.7). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Denial Of Service Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-1048 LOW Monitor

A flaw was found in the grub2-set-bootflag utility of grub2. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Grub2 Enterprise Linux Fedora
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-0690 PyPI MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux Ansible Automation Platform Ansible Developer +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-22667 HIGH POC PATCH This Week

Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Vim Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-6780 MEDIUM POC This Month

An integer overflow was found in the __vsyslog_internal function of the glibc library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-6779 HIGH POC This Week

Heap-based off-by-one buffer overflow in glibc's __vsyslog_internal function affects versions 2.37 and newer, triggered when syslog() or vsyslog() are invoked with messages exceeding INT_MAX bytes. Remote attackers can cause application crashes (denial of service) and potentially impact integrity in applications that log attacker-controlled data via syslog. Publicly available exploit code exists, though EPSS exploitation probability remains moderate at 0.65% (71st percentile) and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-6246 HIGH POC THREAT Act Now

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, reachable via the syslog/vsyslog interfaces when openlog was not called (or called with a NULL ident) and argv[0]'s basename exceeds 1024 bytes. Any setuid/setgid binary on affected Linux distributions (including Fedora 38 and 39) that invokes syslog can be leveraged by a local attacker to crash the process or escalate privileges to root. Publicly available exploit code exists and EPSS sits at the 96th percentile, signaling meaningful real-world risk despite the local attack vector.

Privilege Escalation Heap Overflow Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
8.4
EPSS
25.5%
CVE-2024-1086 HIGH POC KEV PATCH THREAT This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Use After Free Linux Memory Corruption Linux Kernel +11
NVD GitHub
CVSS 3.1
7.8
EPSS
28.1%
CVE-2023-40548 HIGH This Week

A buffer overflow was found in Shim in the 32-bit system. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Integer Overflow Shim Fedora
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2024-0814 MEDIUM This Month

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-0813 HIGH This Week

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-0812 HIGH This Week

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-0811 MEDIUM This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2024-0809 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-0806 HIGH This Week

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service Memory Corruption Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-0805 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-0804 HIGH This Week

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-22421 PyPI MEDIUM PATCH This Month

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyterlab Notebook Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2024-22420 PyPI MEDIUM PATCH This Month

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jupyterlab Notebook Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0607 MEDIUM PATCH This Month

A flaw was found in the Netfilter subsystem in the Linux kernel. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-0517 HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
21.7%
CVE-2024-0232 MEDIUM POC This Month

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Sqlite Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0553 HIGH POC PATCH This Week

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Gnutls Fedora Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2024-23301 MEDIUM POC PATCH This Month

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Relax And Recover Linux Enterprise Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0443 MEDIUM This Month

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0333 MEDIUM This Month

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-41056 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Redis Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
6.8%
CVE-2023-5455 MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux For Arm 64 Eus +17
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-3600 HIGH PATCH This Week

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. Rated high severity (CVSS 7.8). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow RCE Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22049 Ruby MEDIUM POC PATCH This Month

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Debian Linux Fedora Httparty
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-6270 HIGH This Week

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. Rated high severity (CVSS 7.0). No vendor patch available.

Use After Free Linux Memory Corruption Denial Of Service RCE +3
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-0225 HIGH This Month

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-0224 HIGH This Month

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-0223 HIGH This Month

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
9.6%
CVE-2024-0222 HIGH This Month

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-0217 LOW PATCH Monitor

A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Packagekit Enterprise Linux +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2023-6004 MEDIUM This Month

A flaw was found in libssh. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-6693 MEDIUM PATCH This Month

A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.

Stack Overflow Buffer Overflow Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2023-7104 HIGH POC PATCH This Week

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical.c of the component make alltest Handler. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Sqlite Fedora
NVD VulDB
CVSS 3.1
7.3
EPSS
1.2%
CVE-2023-6879 CRITICAL POC PATCH Act Now

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Aomedia Fedora
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-7101 HIGH POC KEV PATCH THREAT Act Now

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Spreadsheet Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
16.8%
CVE-2023-51767 HIGH This Week

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass SSH Openssh Fedora Enterprise Linux
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-51766 MEDIUM POC PATCH This Month

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Exim Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-51764 MEDIUM POC This Month

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Postfix Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.6%
CVE-2023-7024 HIGH POC KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2023-6546 HIGH PATCH This Week

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2023-4256 MEDIUM POC This Month

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4255 MEDIUM POC PATCH This Month

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service W3M Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-6918 MEDIUM This Month

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-47038 HIGH PATCH This Week

A vulnerability was found in perl 5.30.0 through 5.38.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Perl Fedora Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-6702 HIGH This Week

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
43.5%
CVE-2023-5764 PyPI HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible Extra Packages For Enterprise Linux Fedora +3
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-46219 MEDIUM POC This Month

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-6679 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-6186 HIGH This Week

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6185 HIGH This Week

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6622 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Fedora Linux Kernel +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-45866 MEDIUM PATCH This Month

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Ubuntu Authentication Bypass Android Ubuntu Linux Iphone Os +4
NVD GitHub
CVSS 3.1
6.3
EPSS
7.9%
CVE-2023-46218 MEDIUM POC PATCH This Month

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-6512 MEDIUM This Month

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Debian Linux Fedora Chrome
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-6511 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux Fedora Chrome
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-6510 HIGH This Week

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6509 HIGH This Week

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6508 HIGH This Week

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-42917 HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +6
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2023-42916 MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Safari Ipados +5
NVD
CVSS 3.1
6.5
EPSS
17.8%
CVE-2023-6351 HIGH This Week

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6350 HIGH This Week

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-6348 HIGH This Week

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6347 HIGH This Week

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-6346 HIGH This Week

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6345 CRITICAL KEV THREAT Act Now

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Chrome Debian Linux +2
NVD
CVSS 3.1
9.6
EPSS
19.6%
CVE-2023-5981 MEDIUM This Month

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Debian Linux Gnutls Linux Fedora
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-6277 MEDIUM POC PATCH This Month

An out-of-memory flaw was found in libtiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libtiff Fedora
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-5972 HIGH PATCH This Week

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-6238 MEDIUM This Month

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel Fedora
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-5341 MEDIUM PATCH This Month

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Imagemagick Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-48237 MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim Fedora
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-48236 MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim Fedora
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-48235 MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim Fedora
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-48234 MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim Fedora
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-48233 MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim Fedora
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-48232 MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Vim Fedora
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-48231 MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption Vim Fedora
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-6112 HIGH This Week

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
30.3%
CVE-2023-5997 HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-5528 Go HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kubernetes Microsoft Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
EPSS 0% CVSS 5.5
MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +13
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Stack Overflow Linux +4
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. Rated medium severity (CVSS 4.7). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Denial Of Service +3
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A flaw was found in the grub2-set-bootflag utility of grub2. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Grub2 Enterprise Linux +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Ansible Enterprise Linux +4
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Vim +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

An integer overflow was found in the __vsyslog_internal function of the glibc library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Glibc Fedora
NVD
EPSS 1% CVSS 8.2
HIGH POC This Week

Heap-based off-by-one buffer overflow in glibc's __vsyslog_internal function affects versions 2.37 and newer, triggered when syslog() or vsyslog() are invoked with messages exceeding INT_MAX bytes. Remote attackers can cause application crashes (denial of service) and potentially impact integrity in applications that log attacker-controlled data via syslog. Publicly available exploit code exists, though EPSS exploitation probability remains moderate at 0.65% (71st percentile) and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Glibc +1
NVD
EPSS 25% CVSS 8.4
HIGH POC THREAT Act Now

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, reachable via the syslog/vsyslog interfaces when openlog was not called (or called with a NULL ident) and argv[0]'s basename exceeds 1024 bytes. Any setuid/setgid binary on affected Linux distributions (including Fedora 38 and 39) that invokes syslog can be leveraged by a local attacker to crash the process or escalate privileges to root. Publicly available exploit code exists and EPSS sits at the 96th percentile, signaling meaningful real-world risk despite the local attack vector.

Privilege Escalation Heap Overflow Buffer Overflow +2
NVD
EPSS 28% CVSS 7.8
HIGH POC KEV PATCH THREAT This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Use After Free Linux +13
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

A buffer overflow was found in Shim in the 32-bit system. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Integer Overflow Shim +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Denial Of Service +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Google +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jupyterlab Notebook +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jupyterlab Notebook +1
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

A flaw was found in the Netfilter subsystem in the Linux kernel. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 22% CVSS 8.8
HIGH This Week

Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

A vulnerability was found in GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Gnutls +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Relax And Recover Linux Enterprise +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Chrome +1
NVD
EPSS 7% CVSS 8.1
HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Redis +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA.

CSRF Enterprise Linux For Power Little Endian Eus Enterprise Linux For Power Big Endian +19
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. Rated high severity (CVSS 7.8). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow RCE +5
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Debian Linux Fedora +1
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH This Week

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. Rated high severity (CVSS 7.0). No vendor patch available.

Use After Free Linux Memory Corruption +5
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google +3
NVD
EPSS 10% CVSS 8.8
HIGH This Month

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google +2
NVD
EPSS 1% CVSS 8.8
HIGH This Month

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google +3
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

A flaw was found in libssh. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Libssh Fedora +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A stack based buffer overflow was found in the virtio-net device of QEMU. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required.

Stack Overflow Buffer Overflow Qemu +2
NVD
EPSS 1% CVSS 7.3
HIGH POC PATCH This Week

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical.c of the component make alltest Handler. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Sqlite +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Aomedia Fedora
NVD VulDB
EPSS 17% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Spreadsheet +2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass SSH Openssh +2
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Exim Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM POC This Month

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Postfix Fedora +1
NVD GitHub
EPSS 7% CVSS 8.8
HIGH POC KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 1% CVSS 7.0
HIGH PATCH This Week

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Extra Packages For Enterprise Linux +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service +3
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libssh Fedora +1
NVD
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in perl 5.30.0 through 5.38.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Perl +4
NVD GitHub
EPSS 44% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Ssti Ansible +5
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +3
NVD GitHub
EPSS 8% CVSS 6.3
MEDIUM PATCH This Month

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Ubuntu Authentication Bypass Android +6
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Debian Linux +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 9% CVSS 8.8
HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +8
NVD
EPSS 18% CVSS 6.5
MEDIUM KEV THREAT This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 20% CVSS 9.6
CRITICAL KEV THREAT Act Now

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google +4
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Debian Linux Gnutls +2
NVD
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

An out-of-memory flaw was found in libtiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libtiff Fedora
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +3
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim +1
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim +1
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim +1
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim +1
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Vim +1
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Vim Fedora
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vim is an open source command line text editor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption +2
NVD GitHub VulDB
EPSS 30% CVSS 8.8
HIGH This Week

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Kubernetes Microsoft +1
NVD GitHub
Prev Page 3 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy