Skip to main content

Solidfire

169 CVEs product

Monthly

CVE-2024-32487 HIGH PATCH This Week

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Command Injection Less Debian Linux Bootstrap Os Hci Storage Nodes +1
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-38432 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.10. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Solidfire +5
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2022-35252 LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap Element Software Hci Management Node +9
NVD
CVSS 3.1
3.7
EPSS
1.8%
CVE-2022-21549 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Oracle Java Graalvm Jdk +12
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-21540 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Oracle Authentication Bypass Java Use After Free +15
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-34169 Maven HIGH POC PATCH THREAT Act Now

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Apache RCE Java Xalan Java Debian Linux +14
NVD VulDB
CVSS 3.1
7.5
EPSS
11.0%
CVE-2022-32208 MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
5.9
EPSS
6.8%
CVE-2022-32207 CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-32206 MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2022-32205 MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
4.3
EPSS
26.9%
CVE-2022-2068 HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux Fedora Sinec Ins +24
NVD
CVSS 3.1
7.3
EPSS
96.3%
CVE-2022-1678 HIGH PATCH This Week

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel Active Iq Unified Manager Cloud Volumes Ontap Mediator +14
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2022-1587 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Enterprise Linux Fedora +9
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2022-1586 CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 Fedora Enterprise Linux +10
NVD GitHub
CVSS 3.1
9.1
EPSS
3.2%
CVE-2022-1619 HIGH POC PATCH This Week

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2022-21496 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Graalvm Java Se +14
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2022-21476 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm Jdk +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2022-21443 LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Java Oracle Graalvm Java Se +14
NVD
CVSS 3.1
3.7
EPSS
2.7%
CVE-2022-21366 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-21360 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21341 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Oracle Denial Of Service Java Graalvm +18
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21340 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
6.4%
CVE-2022-21305 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2022-21299 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21296 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Oracle Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21294 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21293 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +18
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21291 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Java Graalvm Jdk +18
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21283 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +18
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21282 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Oracle Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-21277 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java Graalvm Jdk +17
NVD VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-43818 PyPI HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml Fedora Debian Linux +8
NVD GitHub
CVSS 3.1
7.1
EPSS
2.5%
CVE-2021-42377 CRITICAL Act Now

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2021-42376 MEDIUM This Month

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42375 MEDIUM This Month

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Busybox Fedora Cloud Backup Hci Management Node +8
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-42374 MEDIUM POC This Month

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Busybox Fedora +10
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-42373 MEDIUM This Month

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox Fedora Cloud Backup +9
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-35603 LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
3.7
EPSS
4.1%
CVE-2021-35588 LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
3.1
EPSS
3.6%
CVE-2021-35586 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.3%
CVE-2021-35578 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.2%
CVE-2021-35567 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java Openjdk Graalvm +14
NVD
CVSS 3.1
6.8
EPSS
2.7%
CVE-2021-35565 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.9%
CVE-2021-35564 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
5.2%
CVE-2021-35561 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
6.5%
CVE-2021-35559 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Java Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
14.8%
CVE-2021-35556 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-35550 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Openjdk +11
NVD
CVSS 3.1
5.9
EPSS
6.9%
CVE-2021-41864 HIGH PATCH This Week

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow Linux Kernel Fedora +13
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-41617 HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh Fedora Active Iq Unified Manager +9
NVD VulDB
CVSS 3.1
7.0
EPSS
0.3%
CVE-2016-20012 MEDIUM POC PATCH THREAT This Month

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.

SSH Information Disclosure Openssh Clustered Data Ontap Hci Management Node +2
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
14.6%
CVE-2021-3711 Cargo CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux Active Iq Unified Manager Clustered Data Ontap +27
NVD
CVSS 3.1
9.8
EPSS
87.8%
CVE-2021-38203 MEDIUM POC PATCH This Month

btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel Hci Bootstrap Os Hci Management Node +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-38202 HIGH PATCH This Week

fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Linux Denial Of Service Linux Kernel +5
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-38201 HIGH PATCH This Week

net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Denial Of Service Linux Kernel Hci Bootstrap Os +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-38199 MEDIUM PATCH This Month

fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel Hci Bootstrap Os Hci Management Node +3
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-38160 HIGH PATCH This Week

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel Hci Bootstrap Os Hci Management Node +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-22926 HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl Active Iq Unified Manager Clustered Data Ontap +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22923 MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-22922 MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-35942 CRITICAL Act Now

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Glibc Active Iq Unified Manager E Series Santricity Os Controller +4
NVD
CVSS 3.1
9.1
EPSS
2.7%
CVE-2021-33910 MEDIUM POC PATCH This Month

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Fedora Debian Linux Hci Management Node +1
NVD GitHub
CVSS 3.1
5.5
EPSS
8.6%
CVE-2021-33909 HIGH POC PATCH This Week

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Fedora +5
NVD GitHub
CVSS 3.1
7.8
EPSS
9.7%
CVE-2021-34429 Maven MEDIUM POC PATCH THREAT This Month

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty E Series Santricity Os Controller E Series Santricity Web Services Element Plug In For Vcenter Server +14
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
99.3%
CVE-2021-22555 HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware C250 Firmware H410c Firmware +18
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
78.7%
CVE-2021-3517 Ruby HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 Jboss Core Services Enterprise Linux +25
NVD
CVSS 3.1
8.6
EPSS
8.3%
CVE-2021-2163 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Jdk Jre +9
NVD
CVSS 3.1
5.3
EPSS
3.6%
CVE-2021-2161 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Jdk Jre +10
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2021-29154 HIGH PATCH This Week

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Linux RCE Command Injection Linux Kernel Fedora +11
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-22890 LOW POC PATCH Monitor

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Hci Management Node Solidfire +7
NVD
CVSS 3.1
3.7
EPSS
3.1%
CVE-2021-22876 MEDIUM POC PATCH This Month

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Hci Management Node Solidfire +8
NVD
CVSS 3.1
5.3
EPSS
5.3%
CVE-2021-28041 HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh Fedora Cloud Backup +6
NVD GitHub
CVSS 3.1
7.1
EPSS
3.4%
CVE-2021-3156 HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo Fedora Debian Linux +21
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
99.3%
CVE-2021-23240 HIGH POC This Week

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Hci Management Node Solidfire Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-23239 LOW POC Monitor

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Sudo Cloud Backup Hci Management Node Solidfire +2
NVD
CVSS 3.1
2.5
EPSS
1.0%
CVE-2020-8286 HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Clustered Data Ontap +13
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2020-8285 HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux Fedora Clustered Data Ontap +19
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-8284 LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +19
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2020-16599 MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Cloud Backup Hci Management Node +2
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-29369 HIGH POC PATCH This Week

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Hci Management Node +3
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2020-29368 HIGH POC PATCH This Week

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel Cloud Backup +5
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2020-14803 MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Openjdk Graalvm +17
NVD
CVSS 3.1
5.3
EPSS
3.1%
CVE-2020-14798 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.1
EPSS
2.7%
CVE-2020-14797 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2020-14796 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +16
NVD
CVSS 3.1
3.1
EPSS
2.5%
CVE-2020-14792 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +17
NVD
CVSS 3.1
4.2
EPSS
2.2%
CVE-2020-14781 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Openjdk Jdk +15
NVD
CVSS 3.1
3.7
EPSS
2.3%
CVE-2020-14779 LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle Openjdk Jdk +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2020-26116 HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora Ubuntu Linux Solidfire +4
NVD
CVSS 3.1
7.2
EPSS
6.4%
EPSS 1% CVSS 8.6
HIGH PATCH This Week

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity.

Command Injection Less Debian Linux +3
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.10. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux +7
NVD
EPSS 2% CVSS 3.7
LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +11
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Oracle Java +14
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Oracle Authentication Bypass +17
NVD VulDB
EPSS 11% CVSS 7.5
HIGH POC PATCH THREAT Act Now

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Apache RCE Java +16
NVD VulDB
EPSS 7% CVSS 5.9
MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora +12
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +12
NVD
EPSS 32% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 27% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 96% CVSS 7.3
HIGH PATCH This Week

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection OpenSSL Debian Linux +26
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Linux Information Disclosure Linux Kernel +16
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +11
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Pcre2 +12
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +5
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +16
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java +18
NVD VulDB
EPSS 3% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Java Oracle +16
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Oracle Denial Of Service +20
NVD VulDB
EPSS 6% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Oracle +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +20
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Java +20
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +20
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Oracle Java +19
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Java +19
NVD VulDB
EPSS 2% CVSS 7.1
HIGH PATCH This Week

lxml is a library for processing XML and HTML in the Python language. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Lxml +10
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Busybox +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox +11
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Busybox Fedora +10
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +12
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Busybox +11
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +14
NVD
EPSS 4% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java +16
NVD
EPSS 7% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 5% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Java +14
NVD
EPSS 6% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Java +14
NVD
EPSS 15% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Oracle Java +14
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +14
NVD
EPSS 7% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +13
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Linux Integer Overflow +15
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Rated high severity (CVSS 7.0).

SSH Privilege Escalation Openssh +11
NVD VulDB
EPSS 15% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.6%.

SSH Information Disclosure Openssh +4
NVD GitHub VulDB
EPSS 88% CVSS 9.8
CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux +29
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Linux Kernel +4
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of service (out-of-bounds read in strlen) by sending NFS traffic when the trace event framework is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Linux +7
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Denial Of Service +5
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which allows operators of remote NFSv4 servers to cause a denial of service (hanging of mounts) by. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel +5
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel +6
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl +18
NVD VulDB
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 3% CVSS 9.1
CRITICAL Act Now

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Glibc +6
NVD
EPSS 9% CVSS 5.5
MEDIUM POC PATCH This Month

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Systemd Fedora +3
NVD GitHub
EPSS 10% CVSS 7.8
HIGH POC PATCH This Week

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +7
NVD GitHub
EPSS 99% CVSS 5.3
MEDIUM POC PATCH THREAT This Month

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty E Series Santricity Os Controller +16
NVD GitHub Exploit-DB
EPSS 79% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption C400 Firmware +20
NVD GitHub Exploit-DB
EPSS 8% CVSS 8.6
HIGH PATCH This Week

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Libxml2 +27
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +11
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java +12
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Linux RCE Command Injection +13
NVD
EPSS 3% CVSS 3.7
LOW POC PATCH Monitor

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora +9
NVD
EPSS 5% CVSS 5.3
MEDIUM POC PATCH This Month

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +10
NVD
EPSS 3% CVSS 7.1
HIGH PATCH This Week

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

SSH Information Disclosure Openssh +8
NVD GitHub
EPSS 99% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Privilege Escalation Sudo +23
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH POC This Week

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Hci Management Node +2
NVD
EPSS 1% CVSS 2.5
LOW POC Monitor

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Sudo Cloud Backup +4
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora +15
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libcurl Debian Linux +21
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora +21
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Binutils +4
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure +5
NVD
EPSS 0% CVSS 7.0
HIGH POC PATCH This Week

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Linux Information Disclosure +7
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +19
NVD
EPSS 3% CVSS 3.1
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 3.1
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +18
NVD
EPSS 2% CVSS 4.2
MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +19
NVD
EPSS 2% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass +17
NVD
EPSS 4% CVSS 3.7
LOW Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Denial Of Service Oracle +19
NVD
EPSS 6% CVSS 7.2
HIGH POC PATCH This Week

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Python Fedora +6
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy