Skip to main content

Fedora

4409 CVEs product

Monthly

CVE-2023-38201 PyPI MEDIUM PATCH This Month

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Keylime Enterprise Linux Enterprise Linux Eus Enterprise Linux For Ibm Z Systems +5
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3899 HIGH This Week

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Authentication Bypass Subscription Manager Fedora +18
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-4431 HIGH This Week

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-4430 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
8.8%
CVE-2023-4429 HIGH This Week

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-4428 HIGH This Week

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.1
EPSS
10.9%
CVE-2023-4427 HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.1
EPSS
34.0%
CVE-2023-20197 HIGH This Week

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Secure Endpoint Secure Endpoint Private Cloud Fedora
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4367 MEDIUM This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4366 HIGH This Week

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4365 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4364 MEDIUM This Month

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4363 MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4361 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-4360 MEDIUM This Month

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4359 MEDIUM This Month

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Chrome Debian Linux +1
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-4358 HIGH This Week

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4357 HIGH This Week

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
45.9%
CVE-2023-4356 HIGH This Week

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4355 HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
26.8%
CVE-2023-4354 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-4353 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-4352 HIGH This Week

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4351 HIGH This Week

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4350 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-4349 HIGH This Week

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32006 HIGH This Week

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Node Js Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-32004 HIGH This Week

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js Fedora
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-32003 MEDIUM This Month

`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js Fedora
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-4322 CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2 Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3824 CRITICAL POC Act Now

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow PHP Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2023-3823 HIGH POC This Week

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-23908 MEDIUM This Month

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Authentication Bypass Microcode Debian Linux +137
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-22840 MEDIUM This Month

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Onevpl Gpu Runtime Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-22338 MEDIUM This Month

Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Onevpl Gpu Runtime Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4273 MEDIUM POC PATCH This Month

A flaw was found in the exFAT driver of the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Linux Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2023-38180 NuGet HIGH KEV PATCH THREAT This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Asp Net Core Visual Studio 2022 Fedora
NVD
CVSS 3.1
7.5
EPSS
15.5%
CVE-2023-20588 MEDIUM This Month

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Epyc 7351P Firmware Epyc 7401P Firmware +44
NVD
CVSS 3.1
5.5
EPSS
12.4%
CVE-2023-20569 MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora Debian Linux Ryzen 9 5950X Firmware +152
NVD
CVSS 3.1
4.7
EPSS
6.2%
CVE-2023-39978 LOW PATCH Monitor

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Imagemagick Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-4194 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's TUN/TAP functionality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Linux Authentication Bypass Memory Corruption Linux Kernel Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-4147 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-38497 Cargo HIGH PATCH This Week

Cargo downloads the Rust project’s dependencies and compiles the project. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Cargo Fedora
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2023-4135 MEDIUM PATCH This Month

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4133 MEDIUM This Month

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4132 MEDIUM This Month

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3180 MEDIUM PATCH This Month

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Qemu Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4073 HIGH This Week

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-29408 Go MEDIUM PATCH This Month

The TIFF decoder does not place a limit on the size of compressed tile data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Image Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29407 Go MEDIUM PATCH This Month

A maliciously-crafted image can cause excessive CPU consumption in decoding. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Image Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-4016 LOW Monitor

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Procps Fedora
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-38559 MEDIUM PATCH This Month

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service Ghostscript Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-4004 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-37920 PyPI CRITICAL PATCH Act Now

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Certifi Fedora Active Iq Unified Manager Management Services For Element Software +4
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3773 MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux Enterprise Linux Fedora +2
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-3772 MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Enterprise Linux Enterprise Linux For Real Time +4
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-38200 PyPI HIGH PATCH This Week

A flaw was found in Keylime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Keylime Enterprise Linux Enterprise Linux Eus Enterprise Linux For Ibm Z Systems +5
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-1386 HIGH This Week

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38633 MEDIUM POC PATCH This Month

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Librsvg Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2023-3347 MEDIUM This Month

A vulnerability was found in Samba's SMB2 packet signing mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Samba Storage Enterprise Linux +1
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-34968 MEDIUM This Month

A path disclosure vulnerability was found in Samba. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Fedora Storage Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-34967 MEDIUM This Month

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Samba Fedora Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
62.6%
CVE-2023-34966 HIGH This Week

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.0%
CVE-2023-38408 CRITICAL POC PATCH THREAT Act Now

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSH RCE Openssh Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
76.8%
CVE-2023-3674 PyPI LOW PATCH Monitor

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Information Disclosure Keylime Fedora
NVD GitHub
CVSS 3.1
2.8
EPSS
0.2%
CVE-2023-22058 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.4
EPSS
1.5%
CVE-2023-22057 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-22056 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2023-22054 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-22053 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2023-22048 LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
3.1
EPSS
0.8%
CVE-2023-22046 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2023-22038 LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
2.7
EPSS
0.8%
CVE-2023-22033 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.4
EPSS
1.0%
CVE-2023-22008 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2023-22005 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.4
EPSS
1.1%
CVE-2023-0160 MEDIUM POC PATCH This Month

A deadlock flaw was found in the Linux kernel’s BPF subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38403 HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-38253 MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service W3M Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38252 MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service W3M Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-3106 HIGH PATCH This Week

A NULL pointer dereference vulnerability was found in netlink_dump. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Null Pointer Dereference Linux Kernel Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33170 NuGet HIGH PATCH This Week

ASP.NET and Visual Studio Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Net Visual Studio 2022 Fedora
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2023-3354 HIGH PATCH This Week

A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu Openstack Platform Enterprise Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-36824 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Redis Heap Overflow Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
77.4%
CVE-2023-3269 HIGH PATCH This Week

A vulnerability exists in the memory management subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2023-1672 MEDIUM POC PATCH This Month

A race condition exists in the Tang server functionality for key generation and key rotation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available.

Race Condition Information Disclosure Tang Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34432 HIGH POC This Week

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow RCE Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34318 HIGH This Week

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow RCE Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32627 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26590 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Keylime Enterprise Linux +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Authentication Bypass +20
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google +3
NVD
EPSS 9% CVSS 8.8
HIGH This Week

Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 11% CVSS 8.1
HIGH This Week

Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google +3
NVD
EPSS 34% CVSS 8.1
HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Secure Endpoint Secure Endpoint Private Cloud +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 46% CVSS 8.8
HIGH This Week

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 27% CVSS 8.8
HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Node Js +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2 +1
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow PHP Fedora +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE PHP Fedora +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Authentication Bypass +139
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Onevpl Gpu Runtime +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel +2
NVD
EPSS 1% CVSS 6.7
MEDIUM POC PATCH This Month

A flaw was found in the exFAT driver of the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Linux +8
NVD
EPSS 16% CVSS 7.5
HIGH KEV PATCH THREAT This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Asp Net Core +2
NVD
EPSS 12% CVSS 5.5
MEDIUM This Month

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux +46
NVD
EPSS 6% CVSS 4.7
MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora +154
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Imagemagick Fedora
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel's TUN/TAP functionality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Linux Authentication Bypass Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +9
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

Cargo downloads the Rust project’s dependencies and compiles the project. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Cargo Fedora
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux +7
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Qemu +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Chrome +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

The TIFF decoder does not place a limit on the size of compressed tile data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Image Fedora
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A maliciously-crafted image can cause excessive CPU consumption in decoding. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Image Fedora
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Procps +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Denial Of Service +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux +9
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Certifi Fedora +6
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux +6
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in Keylime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Keylime Enterprise Linux +7
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Fedora
NVD GitHub
EPSS 2% CVSS 5.5
MEDIUM POC PATCH This Month

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Librsvg Fedora +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A vulnerability was found in Samba's SMB2 packet signing mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Samba +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A path disclosure vulnerability was found in Samba. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Fedora +3
NVD
EPSS 63% CVSS 5.3
MEDIUM This Month

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Samba +3
NVD
EPSS 62% CVSS 7.5
HIGH This Week

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora +2
NVD
EPSS 77% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSH RCE Openssh +1
NVD GitHub
EPSS 0% CVSS 2.8
LOW PATCH Monitor

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Information Disclosure Keylime Fedora
NVD GitHub
EPSS 1% CVSS 4.4
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 2% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 1% CVSS 3.1
LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Mysql Server +5
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Mysql Server +5
NVD
EPSS 1% CVSS 4.4
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 1% CVSS 4.4
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server +5
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

A deadlock flaw was found in the Linux kernel’s BPF subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A NULL pointer dereference vulnerability was found in netlink_dump. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Null Pointer Dereference +2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH PATCH This Week

ASP.NET and Visual Studio Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Net +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in the QEMU built-in VNC server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu +3
NVD
EPSS 77% CVSS 8.8
HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Redis +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A vulnerability exists in the memory management subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Linux +4
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A race condition exists in the Tang server functionality for key generation and key rotation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available.

Race Condition Information Disclosure Tang +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +6
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux +2
NVD
Prev Page 6 of 49 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy