Skip to main content

Leap

1763 CVEs product

Monthly

CVE-2025-32463 CRITICAL POC KEV PATCH THREAT Act Now

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot.

Information Disclosure Ubuntu Debian Leap Linux Enterprise Desktop +8
NVD Exploit-DB
CVSS 3.1
9.3
EPSS
26.5%
Threat
5.7
CVE-2023-32182 HIGH POC This Week

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Leap Linux Enterprise High Performance Computing Suse Linux Enterprise Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-31252 MEDIUM This Month

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Leap Leap Micro Linux Enterprise Server
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-26676 MEDIUM PATCH This Month

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Connman Debian Linux Leap
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-26675 HIGH PATCH This Week

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Connman Debian Linux Leap
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2020-0569 MEDIUM PATCH This Month

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Microsoft Buffer Overflow Memory Corruption Intel +15
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2020-16846 PyPI CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salt Debian Linux Fedora Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2020-28049 MEDIUM POC This Month

An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Sddm Leap Debian Linux +1
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2020-16011 CRITICAL Act Now

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Google Memory Corruption Chrome +3
NVD
CVSS 3.1
9.6
EPSS
2.4%
CVE-2020-16009 NuGet HIGH POC KEV PATCH THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Cefsharp Chrome +6
NVD
CVSS 3.1
8.8
EPSS
48.6%
CVE-2020-16008 HIGH This Week

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-16007 HIGH This Week

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-16006 HIGH This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Chrome Backports Sle +3
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-16005 HIGH This Week

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Backports Sle Leap +2
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-16004 HIGH This Week

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-14323 MEDIUM This Month

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Samba Leap Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-27673 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Debian Linux Leap +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-27672 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-27671 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing. Rated high severity (CVSS 7.8).

Denial Of Service Xen Leap Debian Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-27670 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU. Rated high severity (CVSS 7.8).

Denial Of Service Amd Xen Leap Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-15683 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption RCE Use After Free +5
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-27560 LOW PATCH Monitor

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux Leap
NVD GitHub
CVSS 3.1
3.3
EPSS
1.5%
CVE-2020-14803 MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Openjdk Graalvm +17
NVD
CVSS 3.1
5.3
EPSS
3.1%
CVE-2020-14798 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.1
EPSS
2.7%
CVE-2020-14797 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2020-14796 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.1
EPSS
2.5%
CVE-2020-14792 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +17
NVD
CVSS 3.1
4.2
EPSS
2.2%
CVE-2020-14782 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +14
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2020-14781 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +15
NVD
CVSS 3.1
3.7
EPSS
2.3%
CVE-2020-14779 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Openjdk Jdk +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2020-25829 HIGH This Week

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2020-27153 HIGH PATCH This Week

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Bluez Debian Linux Leap
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-15229 Go CRITICAL PATCH Act Now

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Singularity Backports Sle Leap
NVD GitHub
CVSS 3.1
9.3
EPSS
2.0%
CVE-2020-25645 HIGH POC This Week

A flaw was found in the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Debian Linux Solidfire Hci Management Node +4
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-26935 PHP CRITICAL POC PATCH THREAT Act Now

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Backports Sle Leap Fedora +1
NVD
CVSS 3.1
9.8
EPSS
67.1%
CVE-2020-26934 PHP MEDIUM PATCH This Month

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin Backports Sle Leap Fedora +1
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2020-26164 MEDIUM PATCH This Month

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kdeconnect Backports Sle Leap
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-11800 CRITICAL Act Now

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zabbix Backports Sle Leap Debian Linux
NVD
CVSS 3.1
9.8
EPSS
9.2%
CVE-2020-14355 MEDIUM PATCH This Month

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Spice Openstack Ubuntu Linux +7
NVD
CVSS 3.1
6.6
EPSS
2.7%
CVE-2020-25866 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Wireshark Fedora Leap +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-25863 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
4.9%
CVE-2020-25862 HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-25643 HIGH PATCH This Week

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Linux Linux Kernel Enterprise Linux +4
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2020-25641 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Enterprise Linux Leap +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25637 MEDIUM PATCH This Month

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Libvirt Leap
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-8228 MEDIUM POC This Month

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Preferred Providers Backports Sle Leap
NVD
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-7070 MEDIUM POC This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora Debian Linux Leap +3
NVD
CVSS 3.1
5.3
EPSS
5.0%
CVE-2020-7069 MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Fedora Debian Linux Leap +4
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2020-15678 HIGH This Week

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +4
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-15677 MEDIUM This Month

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Open Redirect Firefox Firefox Esr Thunderbird +2
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-15676 MEDIUM This Month

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox Firefox Esr Thunderbird +2
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2020-15673 HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption RCE Use After Free +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-14374 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-14378 LOW PATCH Monitor

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-14377 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2020-14376 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8). This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-14375 HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8).

Information Disclosure Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-26154 CRITICAL Act Now

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy Fedora Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-26117 HIGH PATCH This Week

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tigervnc Debian Linux Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
3.1%
CVE-2020-26116 HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora Ubuntu Linux Solidfire +4
NVD
CVSS 3.1
7.2
EPSS
6.4%
CVE-2020-15211 PyPI MEDIUM POC PATCH This Month

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2020-15210 PyPI MEDIUM POC PATCH This Month

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-15209 PyPI MEDIUM POC PATCH This Month

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2020-15208 PyPI CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-15207 PyPI CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow RCE Python Tensorflow Leap
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2020-15206 PyPI HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-15205 PyPI CRITICAL POC PATCH Act Now

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2020-15204 PyPI MEDIUM POC PATCH This Month

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-15203 PyPI HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-15202 PyPI CRITICAL POC PATCH Act Now

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
9.0
EPSS
1.2%
CVE-2020-15195 PyPI HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-15194 PyPI MEDIUM POC PATCH This Month

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-15193 PyPI HIGH POC PATCH This Week

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Python Tensorflow Leap
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-15192 PyPI MEDIUM POC PATCH This Month

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-15191 PyPI MEDIUM POC PATCH This Month

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-15190 PyPI MEDIUM POC PATCH This Month

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-26088 MEDIUM PATCH This Month

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Linux Privilege Escalation Linux Kernel Debian Linux Leap +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25604 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen Fedora Debian Linux +1
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2020-25603 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen Fedora Leap +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-25602 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2020-25601 MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25600 MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25599 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen Fedora Leap +1
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2020-25598 MEDIUM This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Leap
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-25596 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd Xen Fedora +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-25595 HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Privilege Escalation Xen Fedora Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-6576 HIGH PATCH This Week

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-6575 HIGH PATCH This Week

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Race Condition Information Disclosure Chrome Backports Sle +3
NVD
CVSS 3.1
8.3
EPSS
1.4%
CVE-2020-6574 HIGH PATCH This Week

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Chrome Backports Sle Leap +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-6573 CRITICAL Act Now

Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome +4
NVD
CVSS 3.1
9.6
EPSS
1.8%
EPSS 27% 5.7 CVSS 9.3
CRITICAL POC KEV PATCH THREAT Act Now

Sudo before 1.9.17p1 contains a local root escalation vulnerability (CVE-2025-32463, CVSS 9.3) through the --chroot option, which loads /etc/nsswitch.conf from the user-controlled chroot directory instead of the host system. KEV-listed with EPSS 26.5% and public PoC, this vulnerability allows any user with sudo --chroot access to achieve root privileges by placing a malicious nsswitch configuration and library in their chroot.

Information Disclosure Ubuntu Debian +10
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Leap Linux Enterprise High Performance Computing +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Leap Leap Micro +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Connman Debian Linux +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Connman +2
NVD
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Denial Of Service Microsoft Buffer Overflow +17
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Emergency

An issue was discovered in SaltStack Salt through 3002. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salt Debian Linux +2
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM POC This Month

An issue was discovered in SDDM before 0.19.0. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Sddm +3
NVD GitHub
EPSS 2% CVSS 9.6
CRITICAL Act Now

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Google +5
NVD
EPSS 49% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +6
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Samba Leap +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +3
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Xen +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing. Rated high severity (CVSS 7.8).

Denial Of Service Xen Leap +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU. Rated high severity (CVSS 7.8).

Denial Of Service Amd Xen +3
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption +7
NVD
EPSS 1% CVSS 3.3
LOW PATCH Monitor

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Imagemagick Debian Linux +1
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +19
NVD
EPSS 3% CVSS 3.1
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 3.1
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 4.2
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +19
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +16
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +17
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +19
NVD
EPSS 7% CVSS 7.5
HIGH This Week

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Backports Sle +1
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Bluez +2
NVD GitHub VulDB
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Singularity Backports Sle +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

A flaw was found in the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel +6
NVD
EPSS 67% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Phpmyadmin Backports Sle +3
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin Backports Sle +3
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Kdeconnect Backports Sle +1
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL Act Now

Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zabbix Backports Sle +2
NVD
EPSS 3% CVSS 6.6
MEDIUM PATCH This Month

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Spice +9
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Wireshark +3
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +3
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora +3
NVD
EPSS 3% CVSS 7.2
HIGH PATCH This Week

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Linux +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel +4
NVD
EPSS 1% CVSS 6.7
MEDIUM PATCH This Month

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Denial Of Service Libvirt Leap
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Preferred Providers Backports Sle +1
NVD
EPSS 5% CVSS 5.3
MEDIUM POC This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Fedora +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Fedora +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption +6
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Open Redirect Firefox +4
NVD
EPSS 2% CVSS 6.1
MEDIUM This Month

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mozilla Firefox +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow Memory Corruption +7
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Data Plane Development Kit Ubuntu Linux +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow Data Plane Development Kit +2
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Data Plane Development Kit +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8). This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Data Plane Development Kit Ubuntu Linux +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8).

Information Disclosure Data Plane Development Kit Ubuntu Linux +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy Fedora +2
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Information Disclosure Tigervnc +2
NVD GitHub
EPSS 6% CVSS 7.2
HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora +6
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM POC PATCH This Month

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Tensorflow +1
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow RCE Python +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Tensorflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Python Tensorflow +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status`. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow Leap
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tensorflow Leap
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Linux Privilege Escalation Linux Kernel +3
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Xen +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Privilege Escalation Xen +3
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Debian Linux +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An issue was discovered in Xen 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora +1
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

An issue was discovered in Xen through 4.14.x. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Amd +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An issue was discovered in Xen through 4.14.x. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Denial Of Service Privilege Escalation Xen +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Use After Free Denial Of Service +6
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Google Race Condition Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Chrome +4
NVD
EPSS 2% CVSS 9.6
CRITICAL Act Now

Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +6
NVD
Page 1 of 20 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy